Research

Selected Recent Publications:

The Relationship between Cybersecurity Ratings and the Risk of Hospital Data Breaches, Journal of the American Medical Informatics Association, August, 2021.
An Event Study of Data Breaches and Hospital IT Spending, Health Policy and Technology, Vol. 9, No. 3 (September), 372-378, 2020.
Data Breach Remediation Efforts and Their Implications for Hospital Quality , Health Services Research, Vol. 54, No. 5 (October), 971-980, 2019.
Spear Phishing in a Barrel: Insights from a Targeted Phishing Campaign , Journal of Organizational Computing and Electronic Commerce, Vol. 29, No. 1, 24-39, 2019.
Understanding the Relationship Between Data Breaches and Hospital Advertising Expenditures , American Journal of Managed Care, Vol. 25, No. 1, 14-20, 2019.
Meaningful healthcare security: Does “meaningful-use” attestation improve information security performance, MISQ, Vol. 42, No. 4 (December), 1043-1067, 2018.
The Evolving Cyberthreat to Privacy , IEEE Professional, Vol. 20, No. 3 (May-June), 64-72, 2018.
Health IT and Inappropriate Utilization of Outpatient Imaging: A Cross-Sectional Study of U.S. Hospitals, International Journal of Medical Informatics, Vol. 109, 89-95, 2017.
A Brief Chronology of Medical Device Security, Communications of the ACM, Vol. 59, Oct, 66-72, 2016.
Protecting Patient Data-The Economic Perspective of Healthcare Security , IEEE Security and Privacy, Vol. 13, Sept-Oct, 90-95, 2015.
Maintaining Secure and Reliable Distributed Control Systems , INFORMS Journal of Computing, Vol. 27, No. 1, 103–117, 2015.
Securing Health Information , IEEE Professional, Vol. 17, No. 1 (Jan-Feb), 23-19, 2015.
Information Technology and Patient Safety: Evidence from National Data , American Journal of Managed Care, Vol. 11, SP No. 17, 39-47, 2014.
Quality Risk Ratings in Global Supply Chains, Production and Operations Management, Vol. 23, No. 12, 2152-2162, 2014.
Proactive Versus Reactive Security Investments in the Healthcare Sector, MISQ, Vol. 38 No. 2, 451-471, 2014.
Clinic Capacity Management: Planning Treatment Programs that Incorporate Adherence, Production and Operations Management, Vol. 23, No. 1, 1-18, 2014.
Institutionalizing HIPAA Compliance: Organizations and Competing Logics in U.S. Health Care, Journal of Health and Social Behavior, Vol. 55, No. 1, 108–124, 2014.
Going Spear Phishing: Exploring Embedded Training and Awareness, IEEE Security and Privacy, Vol. 12, No. 1, 2-12, 2014.
Healthcare Security Strategies for Information Security and Regulatory Compliance, Journal of Management Information Systems, Vol. 30, No. 2, 41-65, 2013.
Meaningful Use of EHR Systems and Process Quality of Care: Evidence from a Panel Data Analysis of US Acute-Care Hospitals, Health Services Research, Vol. 48, Issue 2, 354–375, 2013.
Security practices and regulatory compliance in the healthcare industry, Journal of the American Medical Informatics Association, Vol. 20, No. 1, 44-51, 2013.
Medication Administration Quality and Health Information Technology: A National Study of US hospitals, Journal of the American Medical Informatics Association, Vol. 19, No. 3, 360-367, 2012.
Usability Failures and Healthcare Data Hemorrhages, IEEE Security & Privacy, March-April, 2011.
Addressing Information Risk in Turbulent Times, IEEE Security & Privacy, January-February, 2011.
Information Security and Privacy in Healthcare, International Journal of Internet and Enterprise Management, Vol 6, Iss 4, 2010.
Managing Information Access in Data-Rich Enterprises with Escalation and Incentives, International Journal of Electronic Commerce, 2010.
Principles for Better Information Security through More Accurate, Transparent Risk Scoring, Journal of Homeland Security and Emergency Management, Vol 7, Iss 1, 2010.
Protecting Critical Information Infrastructure: Developing Cyber Security Policy, Journal of Information Technology for Development, January 2010.

Books

Managing Information Risk Springer

The lifeblood of the global economy, information has become a source of growing risk as more firms maintain information online. With risks now fueled by sophisticated, organized, malicious groups, information security requires not only technology, but a clear understanding of potential risks, decision-making behaviors, and metrics for evaluating business and policy options. [read more]

Financial and Medical Identity Theft Springer

Financial identity theft is well understood with clear underlying motives. Medical identity theft is new and presents a growing problem. The solutions to both problems however, are less clear. The Economics of Financial and Medical Identity Theft discusses how the digital networked environment is critically different from the world of paper, eyeballs and pens. [read more]