Enhanced Cohesion: Insights into IT Combination and Security from Healthcare Mergers and Acquisitions

In the rapidly evolving world of healthcare, providers are constantly seeking ways to expand, diversify, and improve their services. One such strategy is mergers and acquisitions (M&As), a trend that has surged over the past decade. Luminis Health, formed by the merger of Anne Arundel Medical Center (AAMC) and Doctors Community Medical Center (DCMC) in 2019, and MultiCare Health System are two such entities that have embraced this strategy.

Luminis Health, based in Maryland, USA, has recently upgraded its endpoint security to a Palo Alto Networks solution and hired a managed service provider to run a 24/7 IT infrastructure monitoring center. To ensure the security of new acquisitions, the CIO, Mike Minear, uses a third-party cybersecurity vendor for independently evaluating a new acquisition's security posture.

Meanwhile, MultiCare Health System, based in Washington State, USA, has been equally proactive in enhancing its IT infrastructure. Upon acquiring Capital Medical Center (CMC), they brought CMC up to their corporate security standards, which included upgrading its firewalls and endpoint security, and deploying Medigate to identify medical equipment vulnerabilities.

The IT teams at both Luminis Health and MultiCare Health System have standardised on one Electronic Medical Record (EMR) system and chosen new standards for software based on features, value, and growth potential. Luminis Health standardized on AAMC's enterprise-level applications such as on-premises Epic EMR implementation and PeopleSoft's ERP and HR applications in the Oracle Cloud. MultiCare Health System upgraded CMC's computing equipment with Dell desktop computers, tablets, and thin-client devices for EMR access.

Both organisations have also integrated the hospitals' data centers and networks. Luminis Health integrated DCMC's servers and installed new Cisco routers and Meraki software-defined WAN equipment. MultiCare Health System upgraded CMC's core network with new Cisco switches and expanded Wi-Fi access by blanketing the hospital with new access points.

In the case of Luminis Health, the IT security team used Rapid7 security monitoring software to scan DCMC's network and data center and adopted AAMC's enterprise security solutions, including mobile device management software. MultiCare Health System, on the other hand, migrated CMC to Nutanix hyperconverged infrastructure and installed new Cisco networking gear as part of the integration process.

However, not all acquisitions have been smooth sailing. Lehigh Valley Health Network discovered a newly purchased company with unpatched IT infrastructure for years and active hackers on its network. To mitigate such risks, they conduct a cybersecurity review, assess everything, and fix concerns before connecting the acquired network to their own. They bring new acquisitions up to speed on security with new firewalls, data loss prevention tools, and Imprivata's single sign-on technology.

In conclusion, as healthcare providers continue to pursue M&As, it is crucial to ensure that their plans are airtight, particularly in the IT front. Both Luminis Health and MultiCare Health System have demonstrated a commitment to enhancing their IT infrastructure and security measures, setting a strong example for the industry.

Enhanced Cohesion: Insights into IT Combination and Security from Healthcare Mergers and Acquisitions