Reducing Cyber, Privacy Risks in Healthcare Sector M&As

Attorney Jonian Rafti of Proskauer on Top Considerations Marianne Kolbasuk McGee (HealthInfoSec) • December 25, 2025 16 Minutes

Healthcare sector mergers and acquisitions dramatically amplify cybersecurity and data privacy exposure for potential buyers and sellers, said attorney Jonian Rafti of law firm Proskauer. But there are critical steps entities can take to reduce those risks.

“When you're a buyer in a healthcare transaction, you're not just buying assets of a healthcare company - you're also buying potential regulatory risks or compliance gaps that come with that," he said.

Buyers typically approach this in two ways. Legal experts examining the seller's compliance with applicable law, such as HIPAA and state privacy laws, and their policies, procedures and compliance programs.

"And then cybersecurity consultants are also often engaged to look under the hood at systems, at workflows, from a highly technical, security-focused perspective ...