Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
. 2024 Jan 3:10:20552076231224164.
doi: 10.1177/20552076231224164. eCollection 2024 Jan-Dec.

Do hospital data breaches affect health information technology investment?

Jinhyung Lee  1 Hyeyeong Kim  2 Sung J Choi  3
Affiliations

Do hospital data breaches affect health information technology investment?

Jinhyung Lee et al. Digit Health. .

Abstract

Objectives: Data breaches are a financial and operational threat to hospitals. In this study, we examine the association between a data breach and information technology capital and labor investment.

Methods: In this retrospective cohort study, we used American Hospital Association data from 2017 to 2019 and an unbalanced panel of hospitals with 6751 unique hospital-year observations. The breached group had 482 hospital-years, and the control group had 6269 hospital-years. We estimated the association between data breaches, information technology capital, and labor investment using the average treatment effect with propensity-score matching.

Results: From 2017 to 2019, hospitals experienced more hacking and information technology incidents but fewer thefts and losses. We found that hospital data breaches were associated with a 66% increase in employed information technology staff and a 57% increase in outsourced information technology staff. Breaches were not associated with information technology operating expenses and information technology capital expenses.

Conclusion: Higher information technology labor investment due to the remediation of data breaches is an added cost to the healthcare system. Hospitals and policymakers should consider initiatives to improve cybersecurity and protect patient data.

Keywords: Data breach; cybersecurity; information technology investment; privacy.

PubMed Disclaimer

Conflict of interest statement

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Figures

Figure 1.
Figure 1.
Trends of hospital data breaches by type 2017–2019.
See this image and copyright information in PMC

References

    1. Office for Civil Rights. Breach notification rule [Internet]. HHS.gov. 2009. Available at: https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html.
    1. IBM. Cost of a data breach 2022. 2022 [cited 2022 November 7]; Available at: https://www.ibm.com/reports/data-breach.
    1. Office for Civil Rights (OCR). HIPAA compliance and enforcement [Internet]. HHS.gov. 2008. Available at: https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/index....
    1. Centers for Medicare & Medicaid Services. Promoting interoperability programs | CMS [Internet]. Available at: https://www.cms.gov/regulations-and-guidance/legislation/ehrincentivepro... (2023, accessed 18 January 2023).
    1. Adoption of electronic health records by hospital service type 2019–2021 | HealthIT.gov [Internet]. Available at: https://www.healthit.gov/data/quickstats/adoption-electronic-health-reco... (accessed 10 January 2023).

LinkOut - more resources