Managing Security Risk: Modeling the Root Causes of Data Breaches.

Health care data breaches are occurring at unprecedented rates, but breach causes are challenging to identify. The purpose of this exploratory study was to identify potential root causes associated with health care data breaches and to create a model of potential data breach factors to inform risk assessment and future predictive analysis. We considered organizational factors, business processes, and technological tools that may be associated with health care data breach occurrences. Using legal requirements, security industry frameworks, and health care standards, we developed a testable health care data breach model. This security model can inform managers who are working to conduct risk assessments, allocate resources, and minimize security risks.