{"title":"数据泄露对相邻医院IT投资的影响:来自加州医院的证据。","authors":"Taewon Hwang, Sung J Choi, Jinhyung Lee","doi":"10.1177/20552076251375930","DOIUrl":null,"url":null,"abstract":"<p><strong>Objective: </strong>This study investigates the effect of data breach incidents on IT investment at neighboring hospitals.</p><p><strong>Methods: </strong>Hospital data are collected from the California Department of Health Care Access and Information and matched with the breach archive provided by the U.S. Department of Health and Human Services Office for Civil Rights to construct a set of breached hospitals. Using a community detection algorithm, neighborhoods of hospitals are constructed to serve as the treatment group of breached hospitals against unaffected hospitals. To control for potential differences between affected and unaffected communities, hospitals are matched using propensity score matching. Subsequently, the effect of data breach incidents on IT investment at neighboring hospitals is estimated using a difference-in-differences model.</p><p><strong>Results: </strong>Analysis of hospital financial data from 2011 to 2017 revealed that neighboring hospitals responded to hacking/IT data breaches with a statistically significant 51% increase (<i>p</i> < 0.05) in IT capital investment in the year following exposure to the breach event. This association was substantially magnified in hospitals with above-median net income, demonstrating a 163% (<i>p</i> < 0.01) increase in IT capital expenditure. However, hospitals with lower net income showed no significant change in IT capital investment. Notably, we observed no statistically significant changes in overall IT expenditure or IT labor costs across any hospital category. Geographically, hacking/IT incidents predominantly occurred in major urban areas where market concentration was lower (HHI of 1243 in treatment groups vs. 1961 in control groups).</p><p><strong>Conclusion: </strong>Data breaches involving hacking/IT incidents at a neighboring hospital could nudge a hospital toward increased IT capital investment. This may result from neighboring hospitals acknowledging the need to take preventive measures. Hospitals should be strategically encouraged to reinforce cybersecurity capacity to minimize loss from future attacks.</p>","PeriodicalId":51333,"journal":{"name":"DIGITAL HEALTH","volume":"11 ","pages":"20552076251375930"},"PeriodicalIF":3.3000,"publicationDate":"2025-09-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC12411718/pdf/","citationCount":"0","resultStr":"{\"title\":\"The impact of data breach on IT investment at neighboring hospitals: Evidence from California Hospitals.\",\"authors\":\"Taewon Hwang, Sung J Choi, Jinhyung Lee\",\"doi\":\"10.1177/20552076251375930\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p><strong>Objective: </strong>This study investigates the effect of data breach incidents on IT investment at neighboring hospitals.</p><p><strong>Methods: </strong>Hospital data are collected from the California Department of Health Care Access and Information and matched with the breach archive provided by the U.S. Department of Health and Human Services Office for Civil Rights to construct a set of breached hospitals. Using a community detection algorithm, neighborhoods of hospitals are constructed to serve as the treatment group of breached hospitals against unaffected hospitals. To control for potential differences between affected and unaffected communities, hospitals are matched using propensity score matching. Subsequently, the effect of data breach incidents on IT investment at neighboring hospitals is estimated using a difference-in-differences model.</p><p><strong>Results: </strong>Analysis of hospital financial data from 2011 to 2017 revealed that neighboring hospitals responded to hacking/IT data breaches with a statistically significant 51% increase (<i>p</i> < 0.05) in IT capital investment in the year following exposure to the breach event. This association was substantially magnified in hospitals with above-median net income, demonstrating a 163% (<i>p</i> < 0.01) increase in IT capital expenditure. However, hospitals with lower net income showed no significant change in IT capital investment. Notably, we observed no statistically significant changes in overall IT expenditure or IT labor costs across any hospital category. Geographically, hacking/IT incidents predominantly occurred in major urban areas where market concentration was lower (HHI of 1243 in treatment groups vs. 1961 in control groups).</p><p><strong>Conclusion: </strong>Data breaches involving hacking/IT incidents at a neighboring hospital could nudge a hospital toward increased IT capital investment. This may result from neighboring hospitals acknowledging the need to take preventive measures. Hospitals should be strategically encouraged to reinforce cybersecurity capacity to minimize loss from future attacks.</p>\",\"PeriodicalId\":51333,\"journal\":{\"name\":\"DIGITAL HEALTH\",\"volume\":\"11 \",\"pages\":\"20552076251375930\"},\"PeriodicalIF\":3.3000,\"publicationDate\":\"2025-09-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC12411718/pdf/\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"DIGITAL HEALTH\",\"FirstCategoryId\":\"3\",\"ListUrlMain\":\"https://doi.org/10.1177/20552076251375930\",\"RegionNum\":3,\"RegionCategory\":\"医学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"2025/1/1 0:00:00\",\"PubModel\":\"eCollection\",\"JCR\":\"Q2\",\"JCRName\":\"HEALTH CARE SCIENCES & SERVICES\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"DIGITAL HEALTH","FirstCategoryId":"3","ListUrlMain":"https://doi.org/10.1177/20552076251375930","RegionNum":3,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2025/1/1 0:00:00","PubModel":"eCollection","JCR":"Q2","JCRName":"HEALTH CARE SCIENCES & SERVICES","Score":null,"Total":0}
The impact of data breach on IT investment at neighboring hospitals: Evidence from California Hospitals.
Objective: This study investigates the effect of data breach incidents on IT investment at neighboring hospitals.
Methods: Hospital data are collected from the California Department of Health Care Access and Information and matched with the breach archive provided by the U.S. Department of Health and Human Services Office for Civil Rights to construct a set of breached hospitals. Using a community detection algorithm, neighborhoods of hospitals are constructed to serve as the treatment group of breached hospitals against unaffected hospitals. To control for potential differences between affected and unaffected communities, hospitals are matched using propensity score matching. Subsequently, the effect of data breach incidents on IT investment at neighboring hospitals is estimated using a difference-in-differences model.
Results: Analysis of hospital financial data from 2011 to 2017 revealed that neighboring hospitals responded to hacking/IT data breaches with a statistically significant 51% increase (p < 0.05) in IT capital investment in the year following exposure to the breach event. This association was substantially magnified in hospitals with above-median net income, demonstrating a 163% (p < 0.01) increase in IT capital expenditure. However, hospitals with lower net income showed no significant change in IT capital investment. Notably, we observed no statistically significant changes in overall IT expenditure or IT labor costs across any hospital category. Geographically, hacking/IT incidents predominantly occurred in major urban areas where market concentration was lower (HHI of 1243 in treatment groups vs. 1961 in control groups).
Conclusion: Data breaches involving hacking/IT incidents at a neighboring hospital could nudge a hospital toward increased IT capital investment. This may result from neighboring hospitals acknowledging the need to take preventive measures. Hospitals should be strategically encouraged to reinforce cybersecurity capacity to minimize loss from future attacks.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
