Abstract

Background: Firms face increased data breach threats nowadays, creating a lack of consumer confidence. Increased data breach incidents are a major concern for every firm. However, in hospitals, it is paramount to safeguard medical records. A slight change in patient records can result in a life-threatening medical condition for a patient. Existing literature claims that cybersecurity investment has indeed increased the instances of data breach incidents. The adoption of Health Information Exchange (HIE) has exacerbated this risk by increasing multiple channels for potential hackers. We, therefore, analyze the relationship between cybersecurity investment and possible data breaches in the presence of moderating variables: adoption of HIE and entrepreneurial orientation to find a model to help minimize data breach incidents.

Method: We test our hypotheses based on strategic alignment and resource orchestration theories. We merge two different datasets (HIMSS and the HHS website) to create a panel dataset with 24,587 observations on U.S. hospitals over five years (2013-2017). We then run a regression using SAS to analyze our model.

Results: We find that cybersecurity investment has no significance in the data breach threats. However, when a hospital joins HIE, cybersecurity investment tends to reduce the data breach threats. We also find that hospitals with higher entrepreneurial orientation face reduced data breach threats when joining HIE.

Conclusion: Hospitals should align their cybersecurity investment with their cybersecurity policies to generate maximum benefit from their cybersecurity investment. Failure to do so might result in a situation in which hospitals are always likely to face higher data security risks regardless of the level of cybersecurity investment.

Share

COinS