Table 3.
Difference-in-differences model estimates for value added.
| Breach parameters | Coefficient (SE) | P value | |
| Breach time for which ln (revenue) was calculated (reference=0) | |||
|
|
–3 | –0.012 (0.019) | .53 |
|
|
–2 | 0.007 (0.015) | .64 |
|
|
–1 | 0.001 (0.014) | .94 |
|
|
1 | –0.005 (0.018) | .78 |
|
|
2 | 0.017 (0.017) | .32 |
|
|
3 | 0.025 (0.023) | .28 |
|
|
Total assets | 0.055 (0.016) | .001 |
|
|
Total labor | 0.600 (0.064) | <.001 |
|
|
Information technology capital | 0.045 (0.007) | <.001 |
|
|
Information technology labor | 0.007 (0.003) | .02 |
|
|
Number of beds | 0.091 (0.043) | .04 |
|
|
Individuals affected | 0.000 (0.000) | .27 |
|
|
Case mix index | 0.126 (0.079) | .11 |
| Breach type for which ln (revenue) was calculated | |||
|
|
Hacking or information technology incident (reference) | N/Aa | N/A |
|
|
Data theft | 0.148 (0.035) | <.001 |
|
|
Unauthorized access, loss, or other | 0.108 (0.021) | <.001 |
| Breach location for which ln (revenue) was calculated | |||
|
|
Desktop computer or laptop (reference) | N/A | N/A |
|
|
Electronic medical record | 0.070 (0.033) | .04 |
|
|
Network server, papers, films, or others | 0.099 (0.020) | <.001 |
| Year for which the ln (revenue) was calculated (reference=2008) | |||
|
|
2009 | 0.024 (0.012) | .04 |
|
|
2010 | 0.042 (0.013) | .001 |
|
|
2011 | 0.049 (0.014) | .001 |
|
|
2012 | 0.052 (0.017) | .003 |
|
|
2013 | 0.037 (0.017) | .03 |
|
|
2014 | 0.021 (0.017) | .22 |
|
|
2015 | 0.084 (0.020) | <.001 |
|
|
2016 | 0.080 (0.024) | .001 |
|
|
Constant | 5.042 (1.077) | <.001 |
aN/A: not applicable.