数据泄露后的供应商选择：纵向研究

IF 6.5 2区管理学 Q1 MANAGEMENT

Journal of Operations Management Pub Date : 2024-01-29 DOI:10.1002/joom.1294

Qian Wang, Shenyang Jiang, Eric W. T. Ngai, Baofeng Huo

{"title":"数据泄露后的供应商选择：纵向研究","authors":"Qian Wang, Shenyang Jiang, Eric W. T. Ngai, Baofeng Huo","doi":"10.1002/joom.1294","DOIUrl":null,"url":null,"abstract":"<p>With the increasing digitization and networking of medical data and personal health information, information security has become a critical factor in vendor selection. However, limited understanding exists regarding how information security influences vendor selection. Drawing from the attention-based view (ABV), this study examines the potential impact of data breaches on hospitals' selection of electronic medical record system (EMRS) vendors. To test our hypotheses, we compile a unique dataset spanning 12 years of observations from US hospitals. Utilizing a coarsened exact matching (CEM) technique combined with a difference-in-differences (DiD) approach, our study shows that hospitals tend to replace their EMRS vendors after experiencing data breaches. Moreover, breached hospitals tend to prioritize information security in such a vendor replacement process by switching to star vendors and migrating towards a single-sourcing configuration. Further post-hoc analyses reveal that these impacts of data breaches are mitigated as the relationship between breached hospitals and vendors matures or when hospitals belong to large healthcare systems. Additionally, we find that the effects of data breaches are contingent on the scale of the breach and are short-term in nature. This research underscores the significance of information security as a crucial consideration in vendor selection for both academia and practitioners.</p>","PeriodicalId":51097,"journal":{"name":"Journal of Operations Management","volume":"70 4","pages":"568-599"},"PeriodicalIF":6.5000,"publicationDate":"2024-01-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Vendor selection in the wake of data breaches: A longitudinal study\",\"authors\":\"Qian Wang, Shenyang Jiang, Eric W. T. Ngai, Baofeng Huo\",\"doi\":\"10.1002/joom.1294\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>With the increasing digitization and networking of medical data and personal health information, information security has become a critical factor in vendor selection. However, limited understanding exists regarding how information security influences vendor selection. Drawing from the attention-based view (ABV), this study examines the potential impact of data breaches on hospitals' selection of electronic medical record system (EMRS) vendors. To test our hypotheses, we compile a unique dataset spanning 12 years of observations from US hospitals. Utilizing a coarsened exact matching (CEM) technique combined with a difference-in-differences (DiD) approach, our study shows that hospitals tend to replace their EMRS vendors after experiencing data breaches. Moreover, breached hospitals tend to prioritize information security in such a vendor replacement process by switching to star vendors and migrating towards a single-sourcing configuration. Further post-hoc analyses reveal that these impacts of data breaches are mitigated as the relationship between breached hospitals and vendors matures or when hospitals belong to large healthcare systems. Additionally, we find that the effects of data breaches are contingent on the scale of the breach and are short-term in nature. This research underscores the significance of information security as a crucial consideration in vendor selection for both academia and practitioners.</p>\",\"PeriodicalId\":51097,\"journal\":{\"name\":\"Journal of Operations Management\",\"volume\":\"70 4\",\"pages\":\"568-599\"},\"PeriodicalIF\":6.5000,\"publicationDate\":\"2024-01-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Operations Management\",\"FirstCategoryId\":\"91\",\"ListUrlMain\":\"https://onlinelibrary.wiley.com/doi/10.1002/joom.1294\",\"RegionNum\":2,\"RegionCategory\":\"管理学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"MANAGEMENT\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Operations Management","FirstCategoryId":"91","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/joom.1294","RegionNum":2,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"MANAGEMENT","Score":null,"Total":0}

引用次数: 0

摘要

随着医疗数据和个人健康信息的日益数字化和网络化，信息安全已成为选择供应商的关键因素。然而，人们对信息安全如何影响供应商选择的了解还很有限。本研究从注意力观点（ABV）出发，探讨了数据泄露对医院选择电子病历系统（EMRS）供应商的潜在影响。为了验证我们的假设，我们汇编了一个独特的数据集，该数据集跨越了美国医院 12 年的观察期。利用粗化精确匹配（CEM）技术和差分法（DiD），我们的研究表明，医院在遭遇数据泄露后倾向于更换 EMRS 供应商。此外，在更换供应商的过程中，发生数据泄露的医院往往会优先考虑信息安全，转而选择星级供应商并迁移到单一采购配置。进一步的事后分析表明，随着被入侵医院与供应商之间的关系日趋成熟，或者当医院属于大型医疗系统时，数据入侵的影响会得到缓解。此外，我们还发现，数据泄露的影响取决于泄露的规模，而且是短期性的。这项研究强调了信息安全作为学术界和从业人员选择供应商的重要考虑因素的重要性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Vendor selection in the wake of data breaches: A longitudinal study

With the increasing digitization and networking of medical data and personal health information, information security has become a critical factor in vendor selection. However, limited understanding exists regarding how information security influences vendor selection. Drawing from the attention-based view (ABV), this study examines the potential impact of data breaches on hospitals' selection of electronic medical record system (EMRS) vendors. To test our hypotheses, we compile a unique dataset spanning 12 years of observations from US hospitals. Utilizing a coarsened exact matching (CEM) technique combined with a difference-in-differences (DiD) approach, our study shows that hospitals tend to replace their EMRS vendors after experiencing data breaches. Moreover, breached hospitals tend to prioritize information security in such a vendor replacement process by switching to star vendors and migrating towards a single-sourcing configuration. Further post-hoc analyses reveal that these impacts of data breaches are mitigated as the relationship between breached hospitals and vendors matures or when hospitals belong to large healthcare systems. Additionally, we find that the effects of data breaches are contingent on the scale of the breach and are short-term in nature. This research underscores the significance of information security as a crucial consideration in vendor selection for both academia and practitioners.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Operations Management 管理科学-运筹学与管理科学

CiteScore

11.00

自引率

15.40%

发文量

审稿时长

24 months

期刊介绍： The Journal of Operations Management (JOM) is a leading academic publication dedicated to advancing the field of operations management (OM) through rigorous and original research. The journal's primary audience is the academic community, although it also values contributions that attract the interest of practitioners. However, it does not publish articles that are primarily aimed at practitioners, as academic relevance is a fundamental requirement. JOM focuses on the management aspects of various types of operations, including manufacturing, service, and supply chain operations. The journal's scope is broad, covering both profit-oriented and non-profit organizations. The core criterion for publication is that the research question must be centered around operations management, rather than merely using operations as a context. For instance, a study on charismatic leadership in a manufacturing setting would only be within JOM's scope if it directly relates to the management of operations; the mere setting of the study is not enough. Published papers in JOM are expected to address real-world operational questions and challenges. While not all research must be driven by practical concerns, there must be a credible link to practice that is considered from the outset of the research, not as an afterthought. Authors are cautioned against assuming that academic knowledge can be easily translated into practical applications without proper justification. JOM's articles are abstracted and indexed by several prestigious databases and services, including Engineering Information, Inc.; Executive Sciences Institute; INSPEC; International Abstracts in Operations Research; Cambridge Scientific Abstracts; SciSearch/Science Citation Index; CompuMath Citation Index; Current Contents/Engineering, Computing & Technology; Information Access Company; and Social Sciences Citation Index. This ensures that the journal's research is widely accessible and recognized within the academic and professional communities.