Tag Archives: healthcare systems

THaW Paper on the Impact of Data Breaches

Posted on by
Reply

The healthcare field, abounding with lucrative patient data, attracts both internal and external adversaries. In this paper, we study the impact of data breaches on operational performance and identify how operational, technological, and market factors moderate the impact. We describe ex-post resilience strategies, look at institutional and operational approaches beyond security-specific factors, and shed light on critical nuances for IT strategies.

We find that while a breach negatively impacts hospital performance, its impact is most pronounced in the 3 years after a breach and diminishes in the subsequent years. From a technological perspective, our findings indicate that hospitals heavily reliant on cloud-based IT services experience more pronounced negative impacts.

To learn more about our findings and recommendations for hospital managers and policymakers, check out the paper!

Kwon, Juhee, and M Eric Johnson. “Unraveling the Impact of Data Breaches: Evidence From the US Healthcare Sector.” Production and Operations Management 34, no. 7 (2025): 1779–1798. Accessed October 15, 2025. https://journals.sagepub.com/doi/10.1177/10591478241305351.

THaW’s Eric Johnson on recent health system cyberattacks

Posted on by
Reply
Eric Johnson
Eric Johnson, PhD and dean of Vanderbilt University’s Owen Graduate School of Management

Cyberattacks targeting healthcare systems have been growing in prevalence and are wreaking more havoc with the healthcare industry’s increased dependence on electronic systems. Cyberattacks such as denial-of-service attacks, can have immediate impact on patient care by leaving medical staff without important patient records. The impacts don’t end there. With healthcare systems increasing their cybersecurity protocols in the aftermath of a cyberattack, patient information can be harder to access for those who should be accessing that information. Johnson’s research with co-author S.J. Choi, PhD, shows that at hospitals where security protocols slowed computer access by just a minute or so, people who came in with a heart attack were more likely to die. “When I talk to doctors about security, a lot of times they’re very negative,” Johnson said. “So they’re pretty far behind, and at this point, incredibly vulnerable.” It’s certainly not a stretch, Johnson says, to say that delays from a ransomware attack are likely to have more serious effects.

To read more about the recent cyberattacks on healthcare systems and coverage of THaW research on those topics, check out the THaW press page.