Study: Better IT Security Doesn’t Mean Fewer Hospital Cyberattacks
A recent study by researchers at the University of Notre Dame looked at 938 data breaches and found institutional factors play the biggest role in the likelihood of hospital cyberattacks.
In healthcare, investing more time and money in IT security systems doesn’t equate to fewer data breaches, according to a recent study.
The study, titled “When Do IT Security Investments Matter? Accounting for the Influence of Institutional Factors in the Context of Healthcare Data Breaches” and published in MIS Quarterly by researchers at the University of Notre Dame, found that the increased use of information technology security systems by hospitals does not equal fewer breaches, reports News Wise.
The study looked at 938 data breaches in U.S. hospitals from 2005 to 2013. Depending on the year, the number of hospitals monitored ranged from 4,000 to 6,000.
The researchers argue institutional factors play a role in determining which hospitals — such as smaller health systems, older health systems, for-profit or nonprofit — are less likely to suffer repercussions from a data breach.
“It even seems that only certain types of hospitals are able to reap the benefits of having a greater number of IT security systems,” said lead author Corey Angst, a professor at Notre Dame’s Mendoza College of Business. “Those hospitals that symbolically, as opposed to substantively, adopt practices are not effective in using IT security to thwart breaches. We also found that it takes time for hospitals to realize the benefits of substantive adoption.”
In February, a phishing attack at Aultman Health Foundation in Ohio potentially breached the data of 42,600 patients. In March, LifeBridge Health and LifeBridge Potomac Professionals in Maryland potentially exposed records of 500,000 patients in a data breach.
“While our report suggests there was a spike in breaches in the first quarter of 2018, our assessment is that these things tend to fluctuate quite a bit over the years,” Angst said. “But to be clear, the threat to hospitals is significant and not decreasing in any meaningful way at least going back to 2006.”
The Verizon report suggests hospitals are attracting more threats because they are adopting new technologies at a fast pace.
The study also suggests that hospitals that are early adopters of innovative IT solutions are less likely to suffer a breach, but Angst emphasizes that simply purchasing IT security systems is not an adequate response to stop data breaches.
“New processes, including training, changes in mindsets and procedures, need to accompany any technology,” Angst said. “In addition, it appears there is a learning curve associated with gaining value from IT security. It takes time for the benefits to accrue.”
Read More Articles Like This… With A FREE Subscription
Campus Safety magazine is another great resource for public safety, security and emergency management professionals. It covers all aspects of campus safety, including access control, video surveillance, mass notification and security staff practices. Whether you work in K-12, higher ed, a hospital or corporation, Campus Safety magazine is here to help you do your job better!