Data Breaches in Multihospital Systems: Antecedents and Mitigation Mechanisms

Abstract

We study antecedents and mitigation mechanisms of data breaches in the U.S hospital industry. More than 65% of U.S hospitals belong to a multihospital system (MHS). The MHS is a complex organization that owns hospitals and non-hospital care facilities such as physician networks, nursing homes, senior living homes, etc. We hypothesize that data breaches of an MHS would be increased by: (i) complexity of the different care services offered by its member hospitals, (ii) complexity of external collaborations of the member hospitals, (iii) complexity of internal IT applications of the member hospitals, and (iv) complexity of external IT applications of member hospitals such as health information exchange (HIE) connections. We also hypothesize that an MHS can potentially mitigate some of its data breaches by standardizing data security solutions across its member hospitals. We find support for these ideas in a study of 446 MHS and 3,823 MHS-Year observations during 2009-2017