Do hospital data breaches affect health information technology investment?

OBJECTIVES

Data breaches are a financial and operational threat to hospitals. In this study, we examine the association between a data breach and information technology capital and labor investment.

METHODS

In this retrospective cohort study, we used American Hospital Association data from 2017 to 2019 and an unbalanced panel of hospitals with 6751 unique hospital-year observations. The breached group had 482 hospital-years, and the control group had 6269 hospital-years. We estimated the association between data breaches, information technology capital, and labor investment using the average treatment effect with propensity-score matching.

RESULTS

From 2017 to 2019, hospitals experienced more hacking and information technology incidents but fewer thefts and losses. We found that hospital data breaches were associated with a 66% increase in employed information technology staff and a 57% increase in outsourced information technology staff. Breaches were not associated with information technology operating expenses and information technology capital expenses.

CONCLUSION

Higher information technology labor investment due to the remediation of data breaches is an added cost to the healthcare system. Hospitals and policymakers should consider initiatives to improve cybersecurity and protect patient data.