Vendor selection in the wake of data breaches: A longitudinal study

With the increasing digitization and networking of medical data and personal health information, information security has become a critical factor in vendor selection. However, limited understanding exists regarding how information security influences vendor selection. Drawing from the attention‐bas...

Full description

Saved in:
Bibliographic Details
Published in:Journal of operations management 2024-06, Vol.70 (4), p.568-599
Main Authors: Wang, Qian, Jiang, Shenyang, Ngai, Eric W. T., Huo, Baofeng
Format: Article
Language:English
Subjects:
attention‐based view
data breach
Data integrity
Electronic health records
electronic medical record systems
Hospitals
information security
Information technology
information technology outsourcing
Outsourcing
Security
vendor selection
Vendors
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:With the increasing digitization and networking of medical data and personal health information, information security has become a critical factor in vendor selection. However, limited understanding exists regarding how information security influences vendor selection. Drawing from the attention‐based view (ABV), this study examines the potential impact of data breaches on hospitals' selection of electronic medical record system (EMRS) vendors. To test our hypotheses, we compile a unique dataset spanning 12 years of observations from US hospitals. Utilizing a coarsened exact matching (CEM) technique combined with a difference‐in‐differences (DiD) approach, our study shows that hospitals tend to replace their EMRS vendors after experiencing data breaches. Moreover, breached hospitals tend to prioritize information security in such a vendor replacement process by switching to star vendors and migrating towards a single‐sourcing configuration. Further post‐hoc analyses reveal that these impacts of data breaches are mitigated as the relationship between breached hospitals and vendors matures or when hospitals belong to large healthcare systems. Additionally, we find that the effects of data breaches are contingent on the scale of the breach and are short‐term in nature. This research underscores the significance of information security as a crucial consideration in vendor selection for both academia and practitioners. Highlights We find that hospitals tend to change their electronic medical record system (EMRS) vendors following data breaches. During this replacement, they are more inclined to select star vendors and migrate towards a single‐sourcing configuration. We also find that the impacts of data breaches can be mitigated as the relationship between breached hospitals and vendors matures, or when hospitals are integrated into larger healthcare systems. Additionally, we find that the effects of data breaches are dependent on the scale of the breach and are typically short‐term in nature.
ISSN:0272-6963
1873-1317
DOI:10.1002/joom.1294