Better hospital IT security doesn’t mean fewer cyberattacks

A new study examining health care data breaches and the effectiveness of IT security investments by Corey Angst, professor of IT, Analytics, and Operations in Notre Dame’s Mendoza College of Business, was featured in Becker’s Hospital Review. The study’s coauthors are Emily Block, University of Alberta; John D’Arcy, University of Delaware; and Ken Kelley, Mendoza College of Business. Read the full story here.

“Contrary to our theorizing, the use of more IT security is not directly responsible for reducing breaches, but instead, institutional factors create the conditions under which IT security investments can be more effective,” the report states. In other words, purchasing IT security systems is not adequate enough. Health systems should emphasize new processes such as training or changing mindsets and procedures to reap value from their technologies.