The CISO’s Checklist for Healthcare Acquisition


Any longtime observer of the healthcare industry has to be somewhat taken aback at the speed and breadth of the current healthcare provider industry consolidation; in 2017[1] alone, a large number of healthcare organizations went through some type of transaction, with 115 mergers and acquisitions announced. These trends have continued into 2018, with more existing clinical practices and regional hospitals being absorbed into larger hospital, clinical, and laboratory super-entities.

All too often, these large acquirers avoid discussing the state of security and data protection at these smaller practices, hospitals, and diagnostic centers. Newly consolidated entities should not wait to conduct annual security risk assessments and penetration tests – in fact, that due diligence should occur before the acquisition is completed.

The CISO (Chief Information Security Officer) in the healthcare environment has an important role to play during a major acquisition. Whether the organization is the target of the acquisition or the acquirer, both sides face major consequences if security is not given the attention it warrants during the transition. When the security professionals on each side of the table are involved early and often, the security risks involved with an acquisition can be significantly reduced.
