Catalogue Search | MBRL
2,013 result(s) for "Data breaches"
Healthcare Data Breaches: Insights and Implications
2020
The Internet of Medical Things, Smart Devices, Information Systems, and Cloud Services have led to a digital transformation of the healthcare industry. Digital healthcare services have paved the way for easier and more accessible treatment, thus making our lives far more comfortable. However, the present day healthcare industry has also become the main victim of external as well as internal attacks. Data breaches are not just a concern and complication for security experts; they also affect clients, stakeholders, organizations, and businesses. Though the data breaches are of different types, their impact is almost always the same. This study provides insights into the various categories of data breaches faced by different organizations. The main objective is to do an in-depth analysis of healthcare data breaches and draw inferences from them, thereby using the findings to improve healthcare data confidentiality. The study found that hacking/IT incidents are the most prevalent forms of attack behind healthcare data breaches, followed by unauthorized internal disclosures. The frequency of healthcare data breaches, magnitude of exposed records, and financial losses due to breached records are increasing rapidly. Data from the healthcare industry is regarded as being highly valuable. This has become a major lure for the misappropriation and pilferage of healthcare data. Addressing this anomaly, the present study employs the simple moving average method and the simple exponential smoothing method of time series analysis to examine the trend of healthcare data breaches and their cost. Of the two methods, the simple moving average method provided more reliable forecasting results.
Journal Article
Hospital Productivity After Data Breaches: Difference-in-Differences Analysis
2021
Background: Data breaches are an inevitable risk to hospitals operating with information technology. The financial costs associated with data breaches are also growing. The costs associated with a data breach may divert resources away from patient care, thus negatively affecting hospital productivity. Objective: After a data breach, the resulting regulatory enforcement and remediation are a shock to a hospital’s patient care delivery. Exploiting this shock, this study aimed to investigate the association between hospital data breaches and productivity by using a generalized difference-in-differences model with multiple prebreach and postbreach periods. Methods: The study analyzed the hospital financial data of the California Office of Statewide Health Planning and Development from 2012 to 2016. The study sample was an unbalanced panel of hospitals with 2610 unique hospital-year observations, including general acute care hospitals. California hospital data were merged with breach data published by the US Department of Health and Human Services. The dependent variable was hospital productivity measured as value added. The difference-in-differences model was estimated using fixed effects regression. Results: Hospital productivity did not significantly differ from the baseline for 3 years after a breach. Data breaches were not significantly associated with a reduction in hospital productivity. Before a breach, the productivity of hospitals that experienced a data breach maintained a parallel trend with control hospitals. Conclusions: Hospital productivity was resilient against the shocks from a data breach. Nonetheless, data breaches continue to threaten hospitals; therefore, health care workers should be trained in cybersecurity to mitigate disruptions.
Journal Article
MANDATORY DATA BREACH NOTIFICATION: ITS ROLE IN PROTECTING PERSONAL DATA
2023
Data protection, an important aspect of the right to privacy, ensures that information about people is used fairly and properly. Among the regulatory measures that have been adopted to safeguard personal data is the requirement that individuals affected by a data breach be informed promptly, enabling them to act quickly and effectively to protect themselves from harm. At the same time, the existence of a duty to notify individuals affected by a data breach incentivises data users to adopt robust measures against data breaches. Many jurisdictions adopt a mandatory data breach notification system; this article examines the two leading notification models, the United States and EU models. It takes Hong Kong as a case study where there is only a voluntary system of notifying the Privacy Commissioner of any data breach in certain specified circumstances. It evaluates the operation of Hong Kong's voluntary notification system and examines the current moves towards adopting a mandatory notification system. It examines justifications for mandatory notification and how the notification mechanism works and concludes that mandatory notification is an indispensable element of an effective regulatory system.
Journal Article
Quantitative Assessment of Cybersecurity Risks for Mitigating Data Breaches in Business Systems
by Algarni, Abdullah M.; Malaiya, Yashwant K.; Thayananthan, Vijey
in Access control, Costs, Cybersecurity
2021
The evaluation of data breaches and cybersecurity risks has not yet been formally addressed in modern business systems. There has been a tremendous increase in the generation, usage and consumption of industrial and business data as a result of smart and computational intensive software systems. This has resulted in an increase in the attack surface of these cyber systems. Consequently, there has been an increase in the associated cybersecurity risks. However, no significant studies have been conducted that examine, compare, and evaluate the approaches used by the risk calculators to investigate the data breaches. The development of an efficient cybersecurity solution allows us to mitigate the data breaches threatened by the cybersecurity risks such as cyber-attacks against database storage, processing and management. In this paper, we develop a comprehensive, formal model that estimates the two components of security risks: breach cost and the likelihood of a data breach within 12 months. The data used in this model are taken from the industrial business report, which provides the necessary information collected and the calculators developed by the major organizations in the field. This model integrated with the cybersecurity solution uses consolidated factors that have a significant impact on the data breach risk. We propose mathematical models of how the factors impact the cost and the likelihood. These models allow us to conclude that results obtained through the models mitigate the data breaches in the potential and future business system dynamically.
Journal Article
What to do after a data breach? Examining apology and compensation as response strategies for health service providers
2021
Innovative IT-enabled health services promise tremendous benefits for customers and service providers alike. Simultaneously, health services by nature process sensitive customer information, and data breaches have become an everyday phenomenon. The challenge that health service providers face is to find effective recovery strategies after data breaches to retain customer trust and loyalty. We theorize and investigate how two widely applied recovery actions (namely apology and compensation) affect customer reactions after a data breach in the specific context of fitness trackers. Drawing on expectation confirmation theory, we argue that the recovery actions derived from practice, apology, and compensation address the assimilation-contrast model’s tolerance range and, thus, always lead to satisfaction with the recovery strategy, which positively influences customers’ behavior. We employ an experimental investigation and collect data from fitness tracker users during a running event. In the end, we found substantial support for our research model. Health service providers should determine specific customer expectations and align their data breach recovery strategies accordingly.
Journal Article
Introducing the concept of cybersecurity footprint
2021
Purpose: This paper aims to introduce the concept of cybersecurity footprint. Design/methodology/approach: Characteristics of cybersecurity footprint are presented based on documented cases, and the domino effect of cybersecurity is illustrated. Organizational and individual cybersecurity footprints are outlined. Active and passive – digital vs cybersecurity footprints are then reviewed. Taxonomy of aware/unaware vs active/passive cybersecurity footprints are presented, followed by brief discussion of the implications for future research. Findings: The concept of cybersecurity footprint is defined, and the evidence from prior cyber incidents is shown to emphasize the concept. Smaller organizations may have a large cybersecurity footprint, whereas larger organizations may have smaller one. Cyberattacks are focusing on the individuals or small organizations that are in the supply chain of larger organizations causing the domino effect. Practical implications: Implications of cybersecurity footprint to individuals, organizations, societies and governments are discussed. The authors present organizations with ways to lower cybersecurity footprint along with recommendations for future research. Social implications: Cybersecurity has a significant social implication worldwide, as the world is becoming cyber dependent. With the authors’ introduction of the cybersecurity footprint concept and call to further understand how organizations can measure and reduce it, the authors envision it as another perspective of assessing cyber risk and further help mitigate future cyber incidents. Originality/value: This paper extends the existing information and computer security body of knowledge on the concept of cybersecurity footprint with illustrated cases.
Journal Article
Practical Methods of Implementation for the Indispensable Mechanism of GDPR Compliance
by Bańka, Michał; Wasiak, Dariusz; Soczyński, Tomasz
in Accountability, anonymization encryption of personal data, business continuity plan
2021
New quality that has been delivered by the provisions of General Data Protection Regulation (GDPR) (EU) 2016/679 is intended to secure a higher level of safety for personal data processing operations. The following elaboration was produced as an attempt to address the questions regarding practical methods of implementation for the indispensable mechanism of GDPR compliance. The guidelines contained in the article are supposed to be helpful in enhancing the safety level for processed personal data. Theoretical and legal studies over the status and functioning of the valid legislation with reference to the practical application of personal data processing procedures have been applied in the article. The main sources of knowledge included valid legal acts, opinions from Article 29 Working Party, technical norms as well as available general knowledge. The outcomes of the said studies indicated the complexity of the issue and established the necessity to continue further studies in practical implementation methods, such as the national and European mechanism of certification or sector codes of good practices.
Journal Article
Data Privacy: Effects on Customer and Firm Performance
by Palmatier, Robert W.; Martin, Kelly D.; Borah, Abhishek
in Data integrity, Financial performance, Information control
2017
Although marketers increasingly rely on customer data, firms have little insight into the ramifications of such data use and do not know how to prevent negative effects. Data management efforts may heighten customers' vulnerability worries or create real vulnerability. Using a conceptual framework grounded in gossip theory, the authors link customer vulnerability to negative performance effects. Three studies show that transparency and control in firms' data management practices can suppress the negative effects of customer data vulnerability. Experimental manipulations reveal that mere access to personal data inflates feelings of violation and reduces trust. An event study of data security breaches affecting 414 public companies also confirms negative effects, as well as spillover vulnerabilities from rival firms' breaches, on firm performance. Severity of the breach hurts the focal firm but helps the rival firm, which provides some insight into mixed findings in prior research. Finally, a field study with actual customers of 15 companies across three industries demonstrates consistent effects across four types of customer data vulnerability and confirms that violation and trust mediate the effects of data vulnerabilities on outcomes.
Journal Article
Privacy please: Power distance and people’s responses to data breaches across countries
Information security and data breaches are perhaps the biggest challenges that global businesses face in the digital economy. Although data breaches can cause significant harm to users, businesses, and society, there is significant individual and national variation in people’s responses to data breaches across markets. This research investigates power distance as an antecedent of people’s divergent reactions to data breaches. Eight studies using archival, correlational, and experimental methods find that high power distance makes users more willing to continue patronizing a business after a data breach (Studies 1–3). This is because they are more likely to believe that the business, not they themselves, owns the compromised data (Studies 4–5A) and, hence, do not reduce their transactions with the business. Making people believe that they (not the business) own the shared data attenuates this effect (Study 5B). Study 6 provides additional evidence for the underlying mechanism. Finally, Study 7 shows that high uncertainty avoidance acts as a moderator that mitigates the effect of power distance on willingness to continue patronizing a business after a data breach. Theoretical contributions to the international business literature and practitioner and policy insights are discussed.
Journal Article
Is Cybersecurity Risk Factor Disclosure Informative? Evidence from Disclosures Following a Data Breach
2023
By examining managers’ decisions about disclosing updated assessments of firms’ risks, we present evidence that the risk factor disclosures are informative. We use the setting of cybersecurity risk factor disclosures after a data breach because data breaches, especially severe breaches, serve as a natural experiment where an exogenous shock to managers’ assessment of their firm’s cybersecurity risks occurs. We analyze the topic from the perspective of two different theoretical lenses: the economic lens of optimal risk exposure and the ethical lens of stakeholder theory. Using a sample of firms experiencing data breaches, we find that firms experiencing a data breach increase the amount of cybersecurity risk factor disclosures compared to matched firms with no data breach. Further investigation reveals that the severity of data breaches affects the results; cybersecurity risk factor disclosures increase only after severe data breaches. While there is no significant market reaction if breached firms’ subsequent annual reports include increased cybersecurity risk factor disclosures, a significant negative market reaction occurs if breached firms decrease cybersecurity risk factor disclosures, regardless of the severity of the breach, implying that the market anticipates increased disclosures after data breaches.
Journal Article