MedicalResearch.com Interview with: John (Xuefeng) Jiang PhD Professor and Plante Moran Faculty Fellow Eli Broad College of Business Accounting & Information Systems Michigan State University East Lansing, MI MedicalResearch.com: How did you get interested in this issue? Response: This is the third project of our data breach trilogy. We first examined which healthcare providers (focusing on hospitals) more likely suffer from a data breach. We documented large hospitals, despite their resources, are more likely to experience a data breach. Some hospitals experienced multiple incidents (https://jamanetwork.altmetric.com/details/18464149). The findings made us wonder what happened? Besides size, what other factors contribute to data breaches? Based on detailed event descriptions, we documented the circumstances under which each data breach occurred (https://jamanetwork.com/journals/jamainternalmedicine/article-abstract/2715158). We found more than half of data breaches could be attributed to healthcare providers’ internal mistakes or negligence (e.g., forgot to encrypt laptop computers, used cc instead of bcc in emailing patients, didn’t revoke former employees’ login credentials after employment terminated) rather than external forces (e.g., hacking). We also found mobile devices (e.g. laptop computers, usb drives) are associated with most data breaches than paper records or network servers. Our results suggest if healthcare providers strengthen their internal control and limit the use of mobile device might be effective ways to reduce data breach risks.  (more…)