Information Security Investment and Healthcare Data Breaches

We are examining the impact of the types and timing of security investment on compliance and security performance. Using data on security investments and breaches, we find that proactive investment (made before a breach) is more effective in reducing future breaches than reactive investment (made after a breach). This work is supported by the NSF.

Research findings presented at WISE 2011.

In another study on security practices, we analyze survey data from 250 hospitals. We find that security resources and security capabilities are positively associated with compliance and security performance. Further, resources and capabilities complement each other, improving both compliance and performance. We also find that security audit capabilities are associated with increased breach disclosures, likely because such auditing helps organizations find, disclose and fix breach-related problems. Finally, we find that top management support and expertise are significantly linked to compliance and security performance. This work is supported by the NSF.

Research findings published in JAMIA.

Research findings published in MIS Quarterly.

CISO vs Adversary

Healthcare Security Investment Game
