91吃瓜

The indicates the health care sector is the top target for cyberattacks.听 And, as hospitals do more to guard against attacks, it鈥檚 not necessarily translating into fewer data breaches, according to research from the University of 91吃瓜.

听

鈥�,鈥� published in MIS Quarterly, found that the increased use of information technology security systems by hospitals did not equal fewer breaches, contrary to predictions.

听

Lead author , professor of IT, Analytics, and Operations听in Notre Dame鈥檚听, says, 鈥淚t even seems that only certain types of hospitals are able to reap the benefits of having a greater number of IT security systems.听Those hospitals that symbolically, as opposed to substantively, adopt practices are not effective in using IT security to thwart breaches. We also found that it takes time for hospitals to realize the benefits of substantive adoption.鈥�

听

The team studied data breaches in U.S. hospitals from 2005-2013. Depending on the year, the number of hospitals varied from 4,000 to almost 6,000 鈥� nearly every hospital in the U.S. The researchers continued to collect data on hospital breaches through May 2018.

听

A February phishing attack on Ohio-based Aultman Health Foundation potentially breached the data of 42,600 patients.听The California-based Center for Orthopaedic Specialists notified 85,000 patients that a February ransomware attack on its IT vendor may have听breached听their data.听听And听a听March breach within Maryland-based LifeBridge Health and LifeBridge Potomac Professionals potentially exposed some 500,000 patients.听听

听

鈥淲hile our report suggests there was a spike in breaches in the first quarter of 2018, our assessment is that these things tend to fluctuate quite a bit over the years,鈥� Angst says.听鈥淏ut to be clear, the threat to hospitals is significant and not decreasing in any meaningful way at least going back to 2006.鈥�

听

The Verizon report suggests hospitals are inviting more threats because they are adopting new technologies at a rapid pace. Although Angst agrees with the observation, the study鈥檚 results indicate that hospitals that are early adopters of innovative IT solutions have a lower likelihood of suffering a breach. Angst emphasizes that simply purchasing IT security systems is not an adequate response.

听

鈥淣ew processes, including training, changes in mindsets and procedures, need to accompany any technology,鈥� Angst says. 鈥淚n addition, it appears there is a learning curve associated with gaining value from IT security. It takes time for the benefits to accrue.鈥�

听

Co-authors of the study include Emily Block, University of Alberta; John D鈥橝rcy, University of Delaware; and Ken Kelley, Mendoza College of Business.

听听

听

Contact: Corey Angst, 574-631-4772 or cangst@nd.edu