The following is the abstract of an observational study published on The American Journal of Managed Care. The TL;DR version seems to be that if entities were to spend more proactively on security, they might not have to pay about 64% more annually in advertising costs over the next two years following a breach.
Understanding the Relationship Between Data Breaches and Hospital Advertising Expenditures
Sung J. Choi, PhD; and M. Eric Johnson, PhD
A hospital data breach was associated with a 64% increase in annual advertising expenditures.
ABSTRACT
Objectives: To estimate the relationship between data breaches and hospital advertising expenditures.
Study Design: Observational data on hospital expenditures were analyzed using a propensity score–matched regression. The regression was specified as a generalized linear model using a gamma distribution and log link.
Methods: The study sample included Medicare hospitals captured by a survey of traditional media outlets. Hospitals included were nonfederal acute care inpatient hospitals from 2011 to 2014. Voicetrak provided data on hospital advertising expenditures. The Healthcare Cost Report Information System provided data on hospital characteristics and financial variables. Study groups were matched using observable characteristics, such as revenue, number of beds, discharges, ownership, and teaching status. The study excluded hospitals in Maryland and the US territories for financial reporting consistency. Data breaches included theft, loss, unauthorized access/disclosure, improper disposal, and hacking. Advertising expenditures were collected from media outlets including television, radio, newspapers and business journals, and local magazines in a city/metropolitan area.
Results: Breached hospitals (n = 72) were more likely to be large, teaching, and urban hospitals relative to the control group (unweighted n = 915). A data breach was associated with a 64% (95% CI, 7.2%-252%; P = .023) increase in annual advertising expenditures, holding observable characteristics constant.
Conclusions: Breached hospitals were associated with significantly higher advertising expenditures in the 2 years after the breach. Efforts to repair the hospital’s image and minimize patient loss to competitors are potential drivers of the increased spending. Advertising costs subsequent to a breach are another cost to the healthcare system that could be avoided with better data security.
Am J Manag Care. 2019;25(1):In Press
Read the full report on AJMC.