The second quarter of 2025 saw a modest rebound in hospital mergers and acquisitions (M&A), with Kaufman Hall reporting eight announced deals. Yet the trend lines tell a more complicated story: half were divestitures, there were no mega-mergers, and the average seller size was just $175 million in annual revenue, well below historical norms.
This smaller-scale, divestiture-heavy deal landscape may seem less dramatic than the headline-grabbing mega-mergers of past years, but it introduces a quieter, more insidious risk: ghost assets. These are the devices, systems, and technologies that are absent from official inventories but remain active in hospital networks. Left unseen, they complicate integration, expose organizations to compliance gaps, and increase operational fragility at a time when every margin counts.
The Hidden Cost of “Ghost Fleets”
Ghost assets aren’t new, but they are multiplying. Smaller hospitals, often the sellers in today’s deals, tend to have under-resourced IT and Health Technology Management (HTM) teams. Documentation is inconsistent, procurement is decentralized, and inventories may not reflect reality. When these facilities change hands, acquiring systems inherit what amounts to a shadow fleet of devices.
Why Divestitures Make It Worse
The absence of mega-mergers does not mean reduced risk. Instead, risk is fragmented. Many small acquisitions, divestitures, and outpatient expansions mean each transaction adds a fresh layer of unknowns. The “chopped-up” nature of the landscape requires stitching together disparate inventories into a coherent, accurate picture.
Consider rural facilities being shed by larger systems. These hospitals often have legacy devices, nonstandard tech, and minimal IT governance. What looks like a clean balance sheet transaction may actually hide unpatched firmware, unsupported operating systems, or undocumented Internet of Medical Things (IoMT) devices. For acquirers, this means absorbing not just assets, but potential liabilities.
Compliance Pressure Is Rising
At the same time, regulators are tightening expectations around visibility and lifecycle governance.
- HHS’s Healthcare and Public Health Cybersecurity Performance Goals explicitly elevate asset inventory and third-party risk management as priority areas for improvement.
- FDA guidance on cybersecurity for medical devices, including expectations for software bills of materials (SBOMs), makes transparent device inventories a regulatory necessity, not a best practice.
It’s clear that accurate, provable inventories are no longer optional. For organizations navigating mergers or divestitures, the gap between “known” and “unknown” assets can mean the difference between passing an audit and incurring costly penalties.
The Integration Burden
Beyond compliance, ghost assets slow down integration itself. Every unknown sensor, device, or middleware component adds troubleshooting overhead. When patch status, firmware versions, or vendor dependencies are missing from inventories, routine upgrades can stall critical clinical systems.
A recent analysis of 2.25 million IoMT devices across 351 healthcare delivery organizations found that 99% had devices with known exploited vulnerabilities, and 89% had insecure internet connectivity. These statistics demonstrate that ghost assets aren’t just accounting errors. They are active points of failure that delay integration, complicate incident response, and create ongoing patient safety risks.
Closing the Visibility Gap
When I talk with healthcare executives about ghost assets, the question I hear most often is: where do we start? The answer isn’t another checklist or quick fix. What’s needed is a shift in how leaders think about visibility and accountability across their technology environments.
First, asset visibility has to become a shared responsibility, not just the burden of IT or HTM teams. Clinical leaders, compliance officers, and finance executives all rely on accurate inventories, whether they realize it or not. If confidence in that data is weak, the entire system is operating on assumptions.
Second, organizations need to build resilience into integration. Every merger or divestiture brings new devices and systems. Instead of treating asset discovery as a one-time project, it must become an ongoing discipline, supported by automated discovery, real-time monitoring, and clear governance.
Finally, visibility must be tied directly to compliance and patient safety outcomes. Regulators are no longer satisfied with surface-level documentation; they expect proof that organizations know what’s on their networks, how it’s maintained, and where vulnerabilities exist. That same rigor is what protects patients from the risks that ghost assets quietly introduce.
The Road Ahead
Healthcare leaders know that technology is both an enabler and a liability. In a world of leaner margins, unpredictable policy shifts, and divestiture-heavy M&A, asset visibility will define whether integrations succeed or stumble.
Ghost assets are a technical nuisance, but they also undermine compliance, consume budgets, and jeopardize patient safety. For hospital executives, compliance officers, and IT leaders alike, closing the visibility gap is no longer optional. It is the foundation of resilient, integrated, and compliant healthcare systems.
About Jeff Collins
Jeff Collins, CEO of WanAware, has over 25 years of experience driving profitable growth by transforming brands, companies, and cultures. He is passionate about leading disruption through insight-driven strategies that activate brands and companies, attract customers, inspire stakeholders, and create community. In 2020, Jeff began developing WanAware after recognizing the need for effective IT Observability solutions due to the limitations of outdated legacy tools and antiquated models. He also holds leadership positions at 21Packets (Chairman) and Lightstream (Chief Strategy Officer). Jeff serves on the boards of multiple technology companies, contributing his expertise in cybersecurity, AI, networking, and data transformation
