Better hospital IT security doesn't mean fewer cyberattacks

In healthcare, using more IT security doesn't equate to fewer data breaches, according to a new study published in MIS Quarterly.

For the study, titled "When do IT security investments matter? Accounting for the influence of institutional factors in the context of healthcare data breaches," a team of researchers led by Corey Angst, PhD, associate professor at the University of Notre Dame (Ind.) Mendoza College of Business, analyzed 938 U.S. hospital data breaches from 2005 to 2013. The researchers continued to collect additional hospital breach data through May 2018.

The study argues institutional factors play a role in determining which hospitals — such as  smaller health systems, older health systems, for-profit or nonprofit — are less likely to suffer repercussions from a data breach.

"Contrary to our theorizing, the use of more IT security is not directly responsible for reducing breaches, but instead, institutional factors create the conditions under which IT security investments can be more effective," the report states. In other words, purchasing IT security systems is not adequate enough. Health systems should emphasize new processes such as training or changing mindsets and procedures to reap value from their technologies.

"It appears there is a learning curve associated with gaining value from IT security. It takes time for the benefits to accrue," Dr. Angst said in a press release.

Click here to download the study.

More articles on cybersecurity:
3-day computer issue at Blount Memorial Hospital affected 90 physicians
U of Utah eye center investigating stolen computer that may have breached 600 patients' data
Purdue warns 1.7k patients to potential PHI compromise

Copyright © 2023 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars