The record deal volume noted in our latest Healthtech M&A report stems from momentum makers which include AI-fuelled innovation in everything from digital therapeutics to health record management, and active consolidation within the industry. There’s also the critical necessity of security solutions which are fit for purpose in an age of ever-smarter online threats. As our report puts it, “Increasing digitalisation is driving demand for robust cybersecurity solutions, with research showing a majority of healthcare organisations are actively enhancing this aspect of operations in 2025.”

This emphasis among healthcare IT decision makers is unsurprising, given the mammoth scale of the risk posed by cyberattacks. Perhaps the most colossal example of a Healthtech heist to date was last year’s ransomware attack on Change Healthcare. As one of the top providers of administrative and financial solutions for the US healthcare industry, Change sits on an immense treasure trove of health records, social security numbers and billing information. Hackers were able to pillage this highly sensitive data after gaining entry through a remote access portal which had not been secured by multi-factor authentication.

The digital break-in compromised the data of over 190 million individuals, disrupted insurance claim, payment and prescription processing across hospitals and pharmacies, and cost Change Healthcare a substantial amount to rectify (including millions paid to the hackers). 

Last year also saw the UK fall victim to a significant healthcare breach, when pathology services provider Synnovis was hit by hackers, leading to thousands of outpatient appointments and operations being postponed. An NHS Trust later confirmed that disruption from this event contributed to the death of a patient, highlighting the uniquely devastating potential of cyberattacks within this industry in particular. 

Unfortunately, healthcare is also uniquely attractive to threat actors, overtaking finance as the most breached industry last year. One reason is that healthcare organisations like hospitals are rich repositories of confidential patient data which have a high value on the dark web. Moreover, many such organisations are reliant on legacy IT infrastructure which is vulnerable to sophisticated and ruthless cyberattacks. Speaking in the wake of last year’s Synnovis attack, senior doctors told the BBC that “the NHS is vulnerable” because of outdated tech, with one A&E consultant reporting how they were still working with “decade-old computers” and old operating systems.

At the same time, the adoption of cutting-edge tech platforms presents its own challenges. Remotely accessible cloud-based networks, so vital to telemedicine and collaborative, hybrid working practices, can let in intruders if security protocols aren’t followed on any one device or interface. Indeed, it was just such a slip up which allowed the catastrophic Change Healthcare hack to take place. The proliferation of the Internet of Medical Things – ie, devices which connect to IT systems, such as 24/7 patient monitoring hardware – has also given hackers yet more potential attack surfaces to exploit.

The drive to strengthen healthcare networks, both to safeguard patients and to comply with increasingly stringent regulatory demands, has spurred M&A transactions targeting Healthtech companies specialising in cybersecurity. Here are some notable examples.

Abacus Group, an IT and cybersecurity managed services provider previously focused on the finance sector, has significantly expanded its scope through its merger with Medicus IT, a healthcare-focused MSP. In the CEO’s words, “we’ve just added on basically an entire vertical industry which looked a lot like us… to basically double our footprint from a size and scale perspective.”

Medicus IT’s expertise in HIPAA and other American healthcare regulatory frameworks is being leveraged by the combined entity to expand its presence in the US, with its cybersecurity services including 24/7 infrastructure monitoring and automatic breach detection.

Axonius, a cybersecurity asset management platform which allows enterprises to monitor and mitigate risks across their sprawling software stacks, has deepened its healthcare vertical expertise through the acquisition of Cynerio, a startup specialising in medical device security. 

As discussed earlier, internet-connected medical hardware, while massively advancing patient care, constitute a major attack service for hackers. This is a vulnerability rectified by Cynerio’s platform, which detects malware, data breaches and other threats across connected healthcare devices, and has played an important role in safeguarding the digital infrastructure of NHS Trusts. 

Health Catalyst, a provider of data analytics tech for the healthcare industry, has broadened into cybersecurity through its purchase of Intraprise Health, whose unified risk management platform is designed to eliminate data siloes and allow organisations to automate assessments of their infrastructures and and comply with healthcare regulations.

In announcing the acquisition, Health Catalyst’s CEO emphasised the critical importance of cybersecurity for healthcare clients, with this strategic step allowing Health Catalyst to address “the costs associated with risk management at the enterprise level”. This same rationale is likely to propel many more deals within Healthtech as organisations increasingly prioritise the fortification of their IT networks to deal with unprecedentedly ingenious threats. 

If you’re a senior decision maker at a company specialising in any aspect of Healthtech, from cybersecurity to electronic health record management, get in touch with our sector expert Tom Schmähling to discuss the market potential of your business.

You can also get further insights into Healthtech M&A, as well as other sectors including Digital Commerce and Enterprise Software, by downloading our free  half-yearly market reports which explore notable buyer trends, deal data and case studies. Subscribe to ensure you never miss out on the latest research and insights from the team of expert analysts at Hampleton Partners.