* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog) * [Palo Alto Networks](https://origin-researchcenter.paloaltonetworks.com/blog/corporate/) * [Cybersecurity](https://origin-researchcenter.paloaltonetworks.com/blog/category/cybersecurity-2/) * M\&A in Healthcare: M... # M\&A in Healthcare: Maintaining Security Throughout the Integration Process [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2014%2F08%2Fma-healthcare-maintaining-security-throughout-integration-process%2F) [](https://twitter.com/share?text=M%26%23038%3BA+in+Healthcare%3A+Maintaining+Security+Throughout+the+Integration+Process&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2014%2F08%2Fma-healthcare-maintaining-security-throughout-integration-process%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2014%2F08%2Fma-healthcare-maintaining-security-throughout-integration-process%2F&title=M%26%23038%3BA+in+Healthcare%3A+Maintaining+Security+Throughout+the+Integration+Process&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/2014/08/ma-healthcare-maintaining-security-throughout-integration-process/&ts=markdown) \[\](mailto:?subject=M\&A in Healthcare: Maintaining Security Throughout the Integration Process) Link copied By [Palo Alto Networks](https://www.paloaltonetworks.com/blog/author/palo-alto-networks-staff/?ts=markdown "Posts by Palo Alto Networks") Aug 25, 2014 5 minutes [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown) [Healthcare](https://www.paloaltonetworks.com/blog/category/healthcare/?ts=markdown) [Vertical](https://www.paloaltonetworks.com/blog/category/vertical/?ts=markdown) [Compliance](https://www.paloaltonetworks.com/blog/tag/compliance/?ts=markdown) [CSO](https://www.paloaltonetworks.com/blog/tag/cso/?ts=markdown) [M\&A](https://www.paloaltonetworks.com/blog/tag/ma/?ts=markdown) Tim Treat recently covered in his blog [the topic of M\&A and security](https://www.paloaltonetworks.com/blog/2014/07/next-generation-enterprise-security-platform-affects-mergers-and-acquisitions/). Given the rate of consolidation in healthcare -- the year-to-date level of announced [M\&A activity in the healthcare sector is at its highest](http://fortune.com/2014/04/24/health-care-ma-activity-hits-record-level/) since Thomson Reuters began tracking such deals in 1980 -- I wanted to follow-up with a deeper dive on best practices for healthcare providers. First, as investors and board members are starting to wake up to cyber risks, deal makers should also start to more systematically include cybersecurity as part of the due diligence process. [Infosecurity recently discussed the results of a survey](http://www.infosecurity-magazine.com/news/cybersecurity-review-should-be-a/) from an international law firm reporting that 82% of deal-makers believe that the risk of cyber-attacks will change deal processes over the next 18 months. When you buy a company, you're buying its data -- including its data security problems. For healthcare providers, this could include penalties for past failed compliance audits, theft of patient data including related and pending lawsuits, details of how past breaches or failed compliance audits have been handled, the good or bad reputation established by the acquired entity based on its privacy track record, and, in addition, any document (or lack of) describing how access to protected patient data is managed and maintained. Any of these could have direct impact on the value of the deal. Whether you're able to do this pre- or post- acquisition, the first step should be to deploy a Palo Alto Networks firewall on the perimeter of the acquired entity to get a first estimate of the type of traffic and assess the level of risk. One important point about our platform is that this does not have to be disruptive to day-to-day operations -- you can get better application visibility by simply adding our firewalls in tap mode. Post-acquisition, you'll want to consolidate around one set of systems and rationalize the now-shared application portfolio to realize some economy of scale. Here are some ways to safely proceed and not create any loopholes that would compromise highly regulated data: 1. **Prepare the environment** by developing a good understanding of potential risks and security weaknesses at the acquired entity: * Using Palo Alto Networks, collect as much intelligence as possible about the health of the acquired entity's security . * Gain visibility into all applications, users, content, sources and destinations of traffic especially at the perimeter and around critical systems. * Use this visibility to identify where security risks and challenges are the greatest. Flag which types of traffic or applications bring the highest volume of malware and triggered incidents in the past. * Pay special attention to any traffic marked as unknown. You will need to get to a point where there is no longer any unknown. 2. **Confirm the level of compliance** to internal rules and external regulations * This step is critical to maintain the level of security and compliance that you might have already established in your organization. You don't want to dilute your posture and M\&A is already a great time to suggest needed changes for any infrastructure. * Review any recent compliance audits whether passed or failed. This should indicate how much work is required to bring the organization on par with your level of compliance. 3. **Clear the environment** **of threats** * Eliminate applications that are absolutely not necessary. Through some iterations, block unwanted traffic that has nothing to do with the business of health services -- traffic from high-risk geographies you do not serve, traffic from consumer applications used by employees on the business network. The more you reduce the volume of communications on the network to those related to business, the smaller the opportunity for cybercriminals to get in. 4. **Absorb the environment** * Once you're confident that you have enough visibility and control over the network of the acquired entity, safely merge applications and systems, bridging or merging directories, bringing over PACS systems, consolidating networks and access points for mobile devices as needed. These steps seem somewhat burdensome, but our purpose built platform will allow you to perform these tasks in an elegant manner. As a result, your team can create a controlled and deliberate schedule that is included as part of the M\&A schedule. This will reduce risk and provide more granular knowledge and control to ensure business continuity without compromising security. Acquisitions can be central to business growth. Security should not be an excuse to slow down the integration process. Even more importantly, explicitly communicate through every step what you discover and what you plan to do about it and report on an on-going basis to the CIO and CISO. If you cannot take the required steps to improve the state of your security, at a minimum you need to provide regular updates to executives on the level of risk and give them options on what can be done about it. In addition, if you don't currently have an open communication channel to executives then use the acquisition as an opportunity to create one. In today's environments, you'll discover that most executives will be receptive to a discussion about cyber security. [As Kevin Magee recently noted](https://www.paloaltonetworks.com/blog/2014/07/get-budget-need-turn-skeptical-executives-security-champions/), that's something that's changed a lot in the last 12 months. Bottom line, one of the fantastic aspects of Palo Alto Networks is that our platform gives you an unmatched level of visibility into what's on your network at all times, at a level that should be understandable by the executives. Without any disruption you can show the volume of malware brought by online videos or games used by employees on their computers, you can easily discover whether unwanted apps bypass you protection and even discover whether malware hides inside encrypted communications. [Give it a try](http://connect.paloaltonetworks.com/avr-2) -- our technology supports business growth in new ways and you won't be disappointed. *** ** * ** *** ## Related Blogs ### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Vertical](https://www.paloaltonetworks.com/blog/category/vertical/?ts=markdown) [#### Palo Alto Networks and the Virginia Governor's Office --- Taking Cybersecurity Education to Virginia Schools](https://origin-researchcenter.paloaltonetworks.com/blog/2015/07/palo-alto-networks-and-the-virginia-governors-office-taking-cybersecurity-education-to-virginia-schools/) ### [AI Governance](https://www.paloaltonetworks.com/blog/category/ai-governance/?ts=markdown), [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown) [#### AI, Quantum Computing and Other Emerging Risks](https://origin-researchcenter.paloaltonetworks.com/blog/2025/10/ai-quantum-computing-emerging-risks/) ### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Data Security](https://www.paloaltonetworks.com/blog/category/data-security/?ts=markdown), [Incident Response](https://www.paloaltonetworks.com/blog/category/incident-response/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown), [Unit 42](https://unit42-dev2.paloaltonetworks.com) [#### The Case for Multidomain Visibility](https://origin-researchcenter.paloaltonetworks.com/blog/2025/10/case-for-multidomain-visibility/) ### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown) [#### Why Integrated File Integrity Monitoring Matters for Elevating Your Security](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/why-integrated-file-integrity-monitoring-matters-for-elevating-your-security/) ### [AI Governance](https://www.paloaltonetworks.com/blog/category/ai-governance/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown) [#### Improving National Security Through Secure AI](https://origin-researchcenter.paloaltonetworks.com/blog/2025/05/improving-national-security-through-secure-ai/) ### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown) [#### Making Every Dollar Count for Federal Cybersecurity](https://origin-researchcenter.paloaltonetworks.com/blog/2025/03/making-every-dollar-count-federal-cybersecurity/) ### Subscribe to the Blog! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language