With the increasing digitization and networking of medical data and personal health information, information security has become a critical factor in vendor selection. However, limited understanding exists regarding how information security influences vendor selection. Drawing from the attention-based view (ABV), this study examines the potential impact of data breaches on hospitals' selection of electronic medical record system (EMRS) vendors. To test our hypotheses, we compile a unique dataset spanning 12 years of observations from US hospitals. Utilizing a coarsened exact matching (CEM) technique combined with a difference-in-differences (DiD) approach, our study shows that hospitals tend to replace their EMRS vendors after experiencing data breaches. Moreover, breached hospitals tend to prioritize information security in such a vendor replacement process by switching to star vendors and migrating towards a single-sourcing configuration. Further post-hoc analyses reveal that these impacts of data breaches are mitigated as the relationship between breached hospitals and vendors matures or when hospitals belong to large healthcare systems. Additionally, we find that the effects of data breaches are contingent on the scale of the breach and are short-term in nature. This research underscores the significance of information security as a crucial consideration in vendor selection for both academia and practitioners.

中文翻译：

---

数据泄露后的供应商选择：纵向研究

随着医疗数据和个人健康信息的日益数字化和网络化，信息安全已成为供应商选择的关键因素。然而，对于信息安全如何影响供应商选择，人们的了解还很有限。本研究从基于注意力的观点 (ABV) 出发，探讨了数据泄露对医院选择电子病历系统 (EMRS) 供应商的潜在影响。为了检验我们的假设，我们编制了一个独特的数据集，涵盖美国医院 12 年的观察结果。我们的研究表明，利用粗化精确匹配 (CEM) 技术与双重差分 (DiD) 方法相结合，医院在经历数据泄露后往往会更换其 EMRS 供应商。此外，受到攻击的医院往往会在供应商更换过程中优先考虑信息安全，通过转向明星供应商并迁移到单一采购配置。进一步的事后分析表明，随着被泄露的医院和供应商之间的关系成熟或当医院属于大型医疗保健系统时，数据泄露的这些影响会减轻。此外，我们发现数据泄露的影响取决于泄露的规模，并且本质上是短期的。这项研究强调了信息安全作为学术界和从业者选择供应商的关键考虑因素的重要性。