Information Security Risk Management in IT Outsourcing – A Quarter-century Systematic Literature Review

Bhatti, Baber Majid; Mubarak, Sameera; Nagalingam, Sev V.

doi:10.1080/1097198x.2021.1993725

Cited by 4 publications

(1 citation statement)

References 90 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, when outsourcing EMRS, hospitals relinquish control of EMRS controls to an off-site company, potentially resulting in a loss of granular control over related operations and functions. Moreover, due to the information asymmetry in supply chain collaborations, hospitals often face challenges in ensuring that their partnering vendors effectively adhere to security regulations and protocols (Bhatti et al, 2017). Despite these challenges, in the context of EMRS management, hospitals are required to grant extensive remote access and management privileges to their vendors as part of the delegated agency relationship.…”

Section: Research Backgroundmentioning

confidence: 99%

Vendor selection in the wake of data breaches: A longitudinal study

Wang,

Jiang,

Ngai

et al. 2024

J of Ops Management

View full text Add to dashboard Cite

With the increasing digitization and networking of medical data and personal health information, information security has become a critical factor in vendor selection. However, limited understanding exists regarding how information security influences vendor selection. Drawing from the attention‐based view (ABV), this study examines the potential impact of data breaches on hospitals' selection of electronic medical record system (EMRS) vendors. To test our hypotheses, we compile a unique dataset spanning 12 years of observations from US hospitals. Utilizing a coarsened exact matching (CEM) technique combined with a difference‐in‐differences (DiD) approach, our study shows that hospitals tend to replace their EMRS vendors after experiencing data breaches. Moreover, breached hospitals tend to prioritize information security in such a vendor replacement process by switching to star vendors and migrating towards a single‐sourcing configuration. Further post‐hoc analyses reveal that these impacts of data breaches are mitigated as the relationship between breached hospitals and vendors matures or when hospitals belong to large healthcare systems. Additionally, we find that the effects of data breaches are contingent on the scale of the breach and are short‐term in nature. This research underscores the significance of information security as a crucial consideration in vendor selection for both academia and practitioners.

show abstract

Section: Research Backgroundmentioning

confidence: 99%