Abstract
This analysis describes how cybersecurity breaches vary between urban and rural hospitals, how they differ over time, and how they differ across different types and locations of breaches within hospitals. Utilizing data from the U.S. Department of Health and Human Services Office for Civil Rights on incidents from 2012 to 2021 that affected 500 or more individuals, we studied breaches in 237 community hospitals, distinguishing between 185 urban and 52 rural facilities. Using Poisson and Quasi-Poisson regression models, we found a significant yearly increase in data breaches, especially in urban hospitals. Hacking/IT incidents were the most common breaches, particularly prevalent in urban settings, while unauthorized access/disclosure occurred frequently. Email and network servers were the primary locations of breaches in urban and rural hospitals. These findings indicate differences between urban and rural hospitals in data security incidents, suggesting areas for further research.
Similar content being viewed by others
Avoid common mistakes on your manuscript.
1 Introduction
Globally, the healthcare industry has emerged as one of the primary targets of cybersecurity data breaches, with incidents increasing in size and severity [1,2,3,4,5,6]. In 2021 alone, over 45 million individuals were affected by healthcare data breach incidents in the United States (U.S.) [6]. The ramifications of cybersecurity breaches in the healthcare sector are particularly severe due to the highly sensitive nature of the data involved. Protected Health Information (PHI) encompasses a wide array of data, including medical histories, test results, insurance details, and other personal identifiers. For example, on the dark web, PHI is deemed more valuable than credit card data, enabling cybercriminals to extract as much as USD 1,000 per stolen medical record [7].Prior literature has identified cybersecurity data breaches as well as a lack of health information exchange capacity among healthcare providers, different interoperability hardware and software standards, limited training in telehealth utilization, and insurance coverage policies that restrict the use of telehealth as significant obstacles to the successful deployment and use of health information technology (HIT) [8,9,10,11,12,13]. Thus, cybersecurity is crucial in protecting patient, medical, and financial data against cyberattacks. Using software and hardware systems, cybersecurity prevents unauthorized use, disclosure, destruction, alteration, or access from internal or external sources [14, 15]. Earlier research has examined the impact of cybersecurity incidents on healthcare in general [16,17,18,19,20], focusing on data breaches, ransomware, and phishing incidents [21,22,23,24]. Other studies have examined the impact of cybersecurity incidents on healthcare organizations [4, 25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40]. A study revealed that healthcare facilities face several cybersecurity challenges, including data breaches and, more recently, ransomware incidents, along with remote work security challenges, human error, insufficient security awareness, inadequate senior-level risk assessments, business continuity plans, inadequate incident response coordination, budget and resource constraints, and vulnerability of the medical system [41].
Recent studies have shown that hospitals face substantial recovery costs following data breaches, which are particularly burdensome due to the time-sensitive nature of their services [40].Furthermore, Hospital data breach remediation efforts have been associated with lower quality healthcare services, a longer time to perform an electrocardiogram (by up to 2.7 min), and an increase in the 30-day mortality rate from acute myocardial infarction by as much as 0.36 percentage points [42]. For example, clinical laboratories, which depend heavily on networked health information technology (HIT) systems, are acutely vulnerable to the disruptions caused by cybersecurity incidents, such as ransomware attacks that lead to significant downtime [43]. Despite the critical importance of robust cybersecurity measures and the severe impacts of data breaches, which have resulted in the theft or loss of millions of records, many hospitals still need a comprehensive understanding of the issue [2, 15, 44, 45]. There is a pressing need to develop more effective security measures by better understanding how various types of breaches and locations impact different hospital settings.
Rural hospitals in the U.S. healthcare system encounter several notable challenges. They must provide care to rural communities despite having fewer medical staff, and they often face more significant healthcare disparities than urban hospitals, financial limitations, and lower reimbursement rates [40, 46,47,48,49,50,51,52]. Furthermore, many rural hospitals are nonprofit, typically serve a higher proportion of older adults, and deal with logistical challenges like extended emergency medical services (EMS) response times and longer patient transit times [53,54,55,56,57,58,59,60]. Studies suggest that these challenges may make rural hospitals more susceptible to cybersecurity incidents due to limited staffing and financial resources [40, 61,62,63]. Despite their critical role, there remains a significant need for empirical research on cybersecurity in rural hospitals in the United States, highlighting a gap in describing how breaches vary between urban and rural hospitals.
In this study, we examine whether there is an increase in breaches across hospitals each year, contrary to the hypothesis of a static breach rate over time, to determine whether cybersecurity threats are on the rise. We hypothesize that urban hospitals are more susceptible to breaches than rural ones, challenging the notion that hospital location does not influence breach likelihood. We seek to determine if the urban–rural distinction significantly influences breach incidence. Furthermore, we question whether the type of the breach and its location (site) within the hospital significantly predict a hospital's classification as an urban facility, challenging the assumption that these factors are irrelevant to hospital classification. Our approach aims to provide comprehensive insights into how hospital settings, time, breach type, and breach location interact in the context of hospital cybersecurity.
This paper aims to characterize how cybersecurity breaches vary between urban and rural hospitals and how they differ over time and across different types and locations of breaches within hospitals. This study is one of the first to provide insight into how different types and locations of breaches impact urban vs. rural hospitals, aiming to tailor security measures more effectively. By understanding these different impacts, hospitals can allocate their cybersecurity resources more efficiently, focusing on the most significant threats they face. Policymakers and regulatory bodies can leverage the findings to develop or refine guidelines and regulations that protect patient data, ensuring that these measures are attuned to the specific vulnerabilities of different hospital settings.
2 Methods
2.1 Data sources and sample
Our analysis is based on publicly available data breach incident reports submitted to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) [64]. Specifically, we used the OCR’s report, which includes all reported data breaches that impact 500 or more individuals at healthcare providers covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) between 2012 and 2021. Each breach report provides details such as the covered entity type, the year, the type, and the location of the breach. HIPAA breach notification rules require covered entities and their business associates to notify affected individuals, the HHS, and sometimes the media within 60 days of discovering a breach of unencrypted PHI affecting 500 or more individuals [65]. This study defines a data breach as an unauthorized acquisition, access, use, or disclosure of PHI that violates the information's security or privacy [66].
We systematically linked the Office for Civil Rights (OCR) data to the American Hospital Association’s (AHA) survey database [67]. This linkage enables us to ascertain each hospital's urban or rural status in our sample. The data specifically focused on community hospitals, defined by the AHA as nonfederal, short-term general, and special hospitals. This focus allowed us to examine a more homogenous group of hospitals in our sample.
We identified a final sample of 237 unique hospitals from the linked data, comprising 185 urban and 52 rural hospitals. The classification was based on criteria established by the Office of Management and Budget (OMB), with rural hospitals being those located outside of metropolitan statistical areas (MSAs) [68]. In instances where a hospital reported more than one breach, we included only the breach that affected the greatest number of individuals to focus on breaches with potentially the most significant impact. Our analysis identified 40 hospitals that reported multiple breaches; of these, 37 were urban, and 3 were rural. Lastly, all the data used in the analysis was anonymized to protect hospital confidentiality.
2.2 Independent variables
Our independent variables included: 1) Hospital setting, which differentiates hospitals based on their geographical settings as either urban or rural; 2) Year of the breach, a temporal variable allows for the analysis of trends over time; 3) Type of breach categorized by the OCR dataset [64] as follows: (a) hacking/Information Technology (IT) incidents involving PHI; (b) improper disposal of PHI; (c) loss of PHI information; (d) other, including breaches not from a desktop, laptop, or email; (e) theft of PHI; (f) unauthorized access or disclosure of PHI; and (g) unknown type of incident; and 4) Location (or site) of the breach, defined as the hospital's operational technology, categories include (a) desktop computer, (b) laptop, (c) electronic medical records (EMR), (d) network server, (e) email, (f) other portable electronic devices (tablets, smartphones, external storage devices, etc.), and (g) paper or films.
2.3 Dependent variable
The number of breaches per year was considered the dependent (response) variable, with the total number of hospitals each year included as a log offset. This approach enables the analysis of breach incidents, facilitating the identification of trends and patterns over time across different hospital settings (urban/rural), breach submission years, types of breaches, and breach locations (site).
2.4 Analysis
A Poisson regression model was initially used to predict the number of breaches each year, considering time (i.e., year of breach), type of hospital, type of breach, and breach location as independent variables. Upon detecting significant overdispersion, as indicated by a delta deviance value significantly exceeding the degrees of freedom, we transitioned to a Quasi-Poisson model to handle the extra variation more efficiently [69, 70]. The Quasi-Poisson model was used, assuming the variance-mean relationship is linear [71]. The goodness-of-fit for the models was assessed using delta deviance and Pearson chi-squared statistics [69, 70]. The data were loaded into a Jupyter Python Notebook environment (https://jupyter.org) for data pre-processing, cleaning, integration, and filtering before conducting statistical analysis using Python and Pandas libraries [72]. The Poisson and Quasi-Poisson regression models were deemed appropriate for our hospital data breach analysis because the data consists of independent, non-negative integer counts of the number of times a data breach occurred; other studies have used Poisson models in a similar context to our research [73, 74].
3 Results
Table 1 presents the comprehensive dataset used in our analysis. It details data breaches across 237 distinct community hospitals, including 185 categorized as urban and 52 as rural, from 2012 to 2021. The table categorizes breaches by type, location, and breach submission year, providing a breakdown for urban and rural hospitals.
3.1 Trend analysis—urban vs. rural hospitals
The trends of data breaches over time in urban and rural hospitals, as shown by the Quasi-Poisson regression model, revealed significant predictors (Table 2). Initially, a Poisson regression model was applied; however, it exhibited overdispersion (delta deviance = 44.959, df = 17, p < 0.001), necessitating the adoption of a Quasi-Poisson regression model to account for this variability accurately. Within this model, the hospital setting was a significant predictor, with urban hospitals experiencing a higher log count of breaches than rural hospitals (ß = 0.554, SE = 0.255, z = 2.170, p = 0.044). Additionally, the year was a significant positive predictor, indicating an annual increase in the log count of breaches over the study period (ß = 0.174, SE = 0.040, z = 4.294, p < 0.001). These results suggest that hospital setting, and time significantly contribute to the number of data breaches, with urban hospitals and more recent years associated with higher breach counts.
Figure 1 illustrates the prediction of the number of breaches over time, showing an increasing trend for both hospital settings (urban/rural); there is a noticeable upward trend in the predicted number of breaches over time, indicating an increase in such incidents. However, the trend for urban hospitals shows a steeper increase, suggesting that urban hospitals have been experiencing a faster growth rate in the number of breaches compared to rural hospitals.
Predicted number of breaches by year and hospital setting (rural vs. urban). This plot shows the predicted number of hospital breaches from 2012 to 2021, differentiating between rural (cyan line) and urban (red line) hospitals. The shaded regions represent the 95% confidence intervals
3.2 Type of breach
The analysis revealed overdispersion in the Poisson regression model, as indicated by delta deviance of 253.15, df = 1, p < 0.001; thus, a Quasi-Poisson regression model was adopted (Table 3). It was found that the number of breaches increased over time (p < 0.001), with urban hospitals experiencing significantly more breaches than rural hospitals (p < 0.045). The most common type of breach was due to hacking/IT incidents. Compared to hacking/IT incidents, all other types of breaches were significantly less frequent, except for unauthorized access/disclosure, which did not differ significantly.
The results of data breaches within hospitals from 2012 to 2021 (Fig. 2) demonstrated significant temporal trends in the incidence of breaches, with an observed escalation in the projected frequencies. In urban hospitals, incidents were markedly escalated due to hacking/IT incidents and unauthorized access/disclosure breaches. Conversely, rural hospitals experienced a more moderate increase in these specific breach types. Other breach categories, such as improper disposal, loss, and theft, exhibited relatively consistent trends with lower incidence rates throughout the study period.
Predicted number of data breaches by type of breach and hospital setting (rural vs. urban) from 2012 to 2021. This figure displays the predicted number of data breaches over a ten-year period, segmented by the type of breach and differentiated by hospital setting (rural versus urban). The prediction lines represent various breaches: hacking/IT incident (red), improper disposal (purple), loss (green), other (blue), theft (cyan), and unauthorized access/disclosure (orange)
3.3 Location of breaches
The results showed overdispersion in the initial Poisson regression model (delta deviance = 340.79, df = 150, p < 0.001), leading to the adoption of a Quasi-Poisson regression model (Table 4). The model indicated an increase in the number of breaches over time (p = 0.002). However, there was no significant difference in the number of breaches between urban and rural hospitals (p = 0.096). The number of breaches had increased over time (p = 0.002). The highest location of breaches was due to emails; with reference to this, all other breaches were significantly lower, except network servers. However, the hospital setting was included in the model as it was significant in the Poisson regression model (i.e., significance loss due to inflation in standard errors in the Quasi-Poisson regression model).
The results of the location of data breaches in hospital settings revealed distinct trends from 2012 to 2021(Fig. 3). There was a considerable increase in predicted breaches, with differences between rural and urban hospitals. The email type of location was the most prominent line in both results, showing a significant upward trend, particularly in urban hospitals. There is a steep increase in breaches related to network servers in urban hospitals, whereas the trend is less pronounced in rural hospitals. Other portable electronic devices, including breaches from tablets, smartphones, etc., indicated an increase, although less pronounced than email or network server breaches. Paper/Films demonstrated a slight increase, with rural hospitals having fewer predicted breaches than urban ones. Finally, a steady increase in breaches related to EMR systems is noted, especially in urban hospitals.
Predicted number of data breaches by location of breach and hospital setting (Rural vs. Urban) from 2012 to 2021. This figure displays the predicted number of data breaches over a ten-year period, segmented by breach location and differentiated by hospital setting (rural versus urban). The prediction lines correspond to breaches associated with Email (red), Desktop Computers (purple), Electronic Medical Records (green), Laptops (blue), Network Servers (cyan), Others (yellow), Other Portable Electronic Devices (pink), and Paper/Films (orange)
4 Discussion
Our study supports the hypothesis that data breaches are increasing annually across urban and rural hospitals. Our Quasi-Poisson regression analysis provides evidence of a significant increase in data breaches across both urban and rural hospitals during the 2012–2021 decade. This trend is quantitatively supported by our regression outputs, which show substantial yearly increases in breach incidents. Particularly, urban hospitals have experienced a more pronounced escalation in data breaches, as indicated by a higher log count of breaches (ß = 0.554, SE = 0.255, z = 2.170, p = 0.044). This result underscores a relatively steeper increase in urban settings than in rural hospitals. These findings underscore the constant challenges in mitigating cybersecurity incidents effectively across diverse hospital settings. Our findings expand the current literature on cybersecurity in the hospital industry, which is increasingly recognized as one of the primary targets for cybersecurity data breaches. Previous studies have documented these incidents' rising scale and severity globally [1,2,3,4,5,6]; our findings add detailed results to the trends between urban and rural hospitals over a decade. Specifically, our study shows that urban hospitals have a higher incidence of breaches than their rural counterparts.
The type of breach analysis indicates that urban hospitals experience a higher frequency of data breaches than rural hospitals, with an increasing trend of breaches over time. Hacking/IT incidents are the most common type of breach, with other types, such as improper disposal, loss, theft, and unauthorized access/disclosure, occurring less frequently. Our results also indicate that unauthorized access/disclosure breaches occur slightly less frequently than hacking/IT breaches but not to the degree that reaches statistical significance. This result is significant because it could imply that both types of breaches are commonly reported, but that hacking/IT incidents may just be slightly more prevalent or easier to detect. The prevalence of hacking/IT incidents in urban settings likely reflects their more extensive IT infrastructures and larger operational scale, including more patients and staff [4, 25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40]. This trend may underscore the broader adoption of HIT in urban hospitals, which, while enhancing healthcare delivery, also expands their vulnerability to hacking/IT incidents. In contrast, the type of breach in rural hospitals demonstrates a more moderate increase in the same categories of hacking/IT incidents. Although these increments are less marked than in urban hospital settings, the potential impact on rural healthcare delivery could be significant. Rural healthcare facilities often grapple with operational challenges such as limited medical staffing, smaller budgets, and less advanced IT infrastructures [53,54,55,56,57,58,59,60]. Thus, even incremental increases in hacking/IT incidents could severely strain these already resource-constrained environments, potentially hindering their ability to deliver essential healthcare services. Future research should seek to explore the impacts of hacking/IT breaches on rural healthcare delivery.
Regarding the location of breaches, email and network servers have been identified as the predominant locations for data breaches, with a notably higher incidence in urban hospitals. This finding is consistent with existing literature highlighting email as a frequent vector for security breach incidents [21,22,23,24]. Conversely, breaches involving desktop computers, electronic medical records (EMR), and laptops occur with significantly less frequency, emphasizing the particular vulnerability of email systems to cyber security incidents. Our analysis also shows a marked increase in breaches related to network servers in urban settings compared to rural hospitals. This pattern suggests that urban hospitals, with their complex HIT systems and more extensive data storage needs, are more vulnerable and indicate that rural hospitals are not unaffected by such challenges. The similar levels of risk associated with network servers and email systems across both rural and urban settings highlight a crucial aspect of hospital cybersecurity, both are essential focal points of HIT operations that require robust protection. Furthermore, the higher incidences of breaches via email and network servers mark a significant departure from earlier findings in the literature, which predominantly reported breaches involving paper/films as the most common in hospital settings [31]. This shift points to an evolving landscape of cybersecurity threats, moving towards more technologically sophisticated breaches that may reflect the growing HIT complexity of hospital settings infrastructures.
The limitations revealed by the current study set an important agenda for our future research: First, while this study aims to characterize the nature of data breaches, it reveals the need for deeper investigations into their impacts on patient safety and financial health, particularly in rural hospitals. Such research should consider the broader implications of cybersecurity incidents, enhancing our understanding of their direct and indirect effects across different hospital settings. Second, the study relies on OCR data and the AHA Annual Survey, which only documents breaches affecting 500 or more individuals. This could underrepresent smaller breaches that are nonetheless impactful. The accuracy and completeness of these reported data are assumed by HIPPA regulations [65]. However, compliance may vary among hospitals, which might lead to gaps in data due to inconsistent or incomplete reporting practices.
Third, our research model, primarily focusing on community hospitals in urban vs. rural settings, is limited by the available data and initial exploratory hypotheses. Expanding this model to include variables such as hospital ownership, teaching status, bed size, and system affiliation could deepen our understanding of the factors influencing cybersecurity breach vulnerabilities; extensive research with expanded datasets and more detailed data should be vital to determine the conditions under which these breaches occur. Fourth, the potential underrepresentation of breaches in rural hospitals due to smaller sample sizes or reporting biases could skew results toward urban hospitals, potentially misrepresenting the actual landscape of cybersecurity threats. Fifth, we treated the type of breach and the location (or site) as independent variables, thus assuming that cybersecurity breaches occur homogeneously across all locations. However, it is possible that cybersecurity breaches could vary across different hospital settings due to diverse environmental and operational factors, potentially overlooking unique vulnerabilities or threats faced by different hospital settings. Therefore, further research is warranted to evaluate the differences in cybersecurity breaches in relation to their locations. This additional analysis could provide deeper insights into how environmental and operational factors at various hospital sites might influence the data breach security vulnerabilities they face.
Sixth, further research should thoroughly investigate the complexities of digital IT infrastructures within hospital settings. With their high volume of data transactions, urban hospitals may face increased risks of cybersecurity breaches due to multiple access points that introduce technical vulnerabilities and human errors [2, 15, 44, 45]. Future studies should delve into the nuances of the different hospital settings' network architecture, including the research into portable electronic devices and EMRs, and evaluate the efficacy of their existing security measures with these technologies. Seventh, additional research is needed to understand how socioeconomic demographics influence cybersecurity practices and outcomes in urban and rural areas. The digital literacy of patient populations may significantly affect PHI security and privacy management. Exploring how the urban–rural digital divide impacts vulnerability to cybersecurity threats should inform data protection strategies tailored to different hospital settings. In rural hospitals, where disparities in health outcomes are well-documented, investigating the impact of limited resources and access to technology on cybersecurity breach risks may be crucial [40, 46,47,48,49,50,51,52].
5 Conclusions
This study examines the rising cybersecurity threats faced by both urban and rural hospitals, underscoring the pressing need for improved data security measures. The findings highlight that urban hospitals are more susceptible to data breaches than rural ones, suggesting a significant vulnerability linked to their complex health information technologies and larger operational scales. The study also confirms a troubling trend of increasing cybersecurity breaches year over year, emphasizing the ongoing challenges in curbing these incidents. Important limitations of this research include its reliance on breach data that only includes incidents affecting 500 or more individuals, potentially underrepresenting the total number of breaches. Furthermore, the study focused primarily on the distinction between urban and rural hospitals, leaving out other potentially influential hospital characteristics like ownership type, teaching status, and system affiliation. These factors could provide deeper insights into different hospital settings' vulnerabilities and specific needs. Future research must expand the analysis to incorporate these additional factors to describe a more comprehensive picture of the cybersecurity landscape. This would not only enhance the robustness of the findings but also help tailoring cybersecurity strategies that are finely tuned to the needs of specific hospital settings. Additionally, there is a need to explore the direct impacts of data breaches on patient care and hospital operations to further guide policy and operational decisions. By applying these findings, healthcare administrators can better allocate resources toward the most effective security measures, potentially reducing the frequency and severity of breaches. This research serves as a foundation for ongoing discussions and further studies to enhance hospital resilience against cybersecurity threats. This research is anticipated to be valuable to healthcare administrators, practitioners, and researchers. It also aims to spark further discussion and research on cybersecurity in rural healthcare institutions, enhancing the capacity of both urban and rural hospitals to prevent, mitigate, and recover from data breaches.
Data availability
Public data available: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf.
References
Seh AH, et al. Healthcare data breaches: insights and implications. Healthcare. 2020;8(2):133.
HIPAA journal healthcare data breach statistics. 2023.
U.S. Department of Health & Human Services—Office for Civil Rights, OCR Portal. 2023.
Ayala L. Cybersecurity for hospitals and healthcare facilities. A guide to detection and prevention. 1st ed. Berkeley: Apress; 2016.
Achten N. Regulating cybersecurity in the health care sector. CSS Analyses in Security Policy. 2021;296:1–4.
Office of Senator Mark Warner, Cybersecurity is patient safety. 2022: Washington, D. C. p. 36.
Skahill EAWD. Why hospitals and healthcare organizations need to take cybersecurity more seriously. 2021; https://www.brookings.edu/blog/techtank/2021/08/09/why-hospitals-and-healthcare-organizations-need-to-take-cybersecurity-more-seriously/.
Chen J, Amaize A, Barath D. Evaluating telehealth adoption and related barriers among hospitals located in rural and urban areas. J Rural Health. 2021;37(4):801–11.
Jonk YC, et al. Telehealth use in a rural state: a mixed-methods study using maine’s all-payer claims database. J Rural Health. 2021;37(4):769–79.
Green LA, et al. Sustaining “meaningful use” of health information technology in low-resource practices. Ann Fam Med. 2015;13(1):17–22.
Rural health information hub telehealth use in rural healthcare overview 2021. 2023.
Sadoughi F, Ali O, Erfannia L. Evaluating the factors that influence cloud technology adoption—comparative case analysis of health and non-health sectors: a systematic review. Health Informatics J. 2020;26(2):1363–91.
Newswire PR, Are U.S. Healthcare Organizations Ready for 2022 Cyber Threats? 2022, PR Newswire Association LLC.
Kosseff J. Cybersecurity law. Hoboken: Wiley; 2022.
Gantt WAH, Healthcare cybersecurity. 2021: American bar association, Health Law Section.
Angst CM, et al. When do IT security investments matter? Accounting for the influence of institutional factors in the context of healthcare data breaches. MIS Q. 2017;41(3):893-A8.
Pool KJ, et al. Causes and impacts of personal health information (PHI) breaches: a scoping review and thematic analysis. in Twenty-Third Pacific Asia Conference on Information Systems, China July. 2019.
Kwon J, Johnson ME. Health-care security strategies for data protection and regulatory compliance. J Manag Inf Syst. 2013;30(2):41–66.
Romanosky S. Examining the costs and causes of cyber incidents. J Cybersec. 2016;2(2):121–35.
Kamoun F, Nicho M. Human and organizational factors of healthcare data breaches: the swiss cheese model of data breach causation and prevention. Int J Healthcare Inf Syst Inf. 2014;9(1):42–60.
Neprash HT, et al. Trends in ransomware attacks on US hospitals, clinics, and other health care delivery organizations, 2016–2021. JAMA Health Forum. 2022;3(12): e224873.
van Boven LS, et al. Hacking acute care: a qualitative study on the health care impacts of ransomware attacks against hospitals. Ann Emerg Med. 2023;2021:8.
Zhao JY, et al. Impact of trauma hospital ransomware attack on surgical residency training. J Surg Res. 2018;232:389–97.
Ofir A, Koren R. Cyber-shock and “digital withdrawal”: organizational lleadership and crisis management during a hospital-wide computer shutdown following a ransomware attack. Prehosp Disaster Med. 2023;38(Supplement 1):s98–s98.
Dullea E, Budke C, Enko P. Cybersecurity update: recent ransomware attacks against healthcare providers. Mo Med. 2020;117(6):533–4.
O’Brien N, Ghafur S, Durkin M. Cybersecurity in health is an urgent patient safety concern: we can learn from existing patient safety improvement strategies to address it. J Patient Safety Risk Manage. 2021;26(1):5–10.
Lee J, Choi SJ. Hospital productivity after data breaches: difference-in-differences analysis. J Med Internet Res. 2021;23(7): e26157.
Kiser S, Maniam B. Ransomware: healthcare industry at risk. J Bus Account. 2021;14(1):64–81.
Jarrett MP. Cybersecurity-a serious patient care concern. JAMA. 2017;318(14):1319–20.
McCoy TH Jr, Perlis RH. Temporal Trends and characteristics of reportable health data breaches, 2010–2017. Jama. 2018;320(12):1282–4.
Gabriel MH, et al. Data breach locations, types, and associated characteristics among US hospitals. Am J Manag Care. 2018;24(2):78–84.
Ayyagari R. An exploratory analysis of data breaches from 2005–2011: trends and insights. J Inf Privacy Sec. 2012;8(2):33–56.
Wikina SB. What caused the breach? An examination of use of information technology and health data breaches. Perspect Health Inf Manag. 2014;11(Fall):1h.
Lee I. Analysis of insider threats in the healthcare industry: a text mining approach. Information. 2022;13(9):404.
Jalali MS, Kaiser JP. Cybersecurity in hospitals: a systematic, organizational perspective. J Med Int Res. 2018;20(5): e10059.
Argaw ST, et al. Cybersecurity of hospitals: discussing the challenges and working towards mitigating the risks. BMC Med Inform Decis Mak. 2020;20(1):146.
Nigrin DJ. When ‘Hacktivists’ target your hospital. N Engl J Med. 2014;371(5):393–5.
Department of justice member of sophisticated China-based hacking group indicted for series of computer intrusions, including 2015 data breach of health insurer anthem Inc. Affecting over 78 million people. 2019.
Ghafur S, et al. A retrospective impact analysis of the WannaCry cyberattack on the NHS. npj Dig Med. 2019. https://doi.org/10.1038/s41746-019-0161-6.
U.S. Senate Committee on Homeland Security & Governmental Affairs, t.C., In Need of a Checkup: Examining the Cybersecurity Risks to the Healthcare Sector U.S. (testimony of Katherine Pierce). 2023: Washington, DC, .
He Y, et al. Health care cybersecurity challenges and solutions under the climate of COVID-19: scoping review. J Med Internet Res. 2021;23(4): e21747.
Choi SJ, Johnson ME, Lehmann CU. Data breach remediation efforts and their implications for hospital quality. Health Serv Res. 2019;54(5):971–80.
Cornish TC, McClintock DS. Are you prepared? Laboratory downtime in the ransomware era. Am J Clin Pathol. 2022;157(4):482–4.
Dhillon G, Smith K, Dissanayaka I. Information systems security research agenda: exploring the gap between research and practice. J Strateg Inf Syst. 2021;30(4): 101693.
Heald K. Why the insurance industry cannot protect against health care data breaches. J Health Care Law Policy. 2017;19(2):275–98.
Towne SD, et al. Assessing diabetes and factors associated with foregoing medical care among persons with diabetes: disparities facing american indian/alaska native, black, hispanic, low income, and southern adults in the U.S. (2011–2015). Int J Environ Res Public Health. 2017;14(5):464.
Sheps center for health services research rural hospital closures. 2023.
Leider JP, et al. The state of rural public health: enduring needs in a new decade. Am J Public Health. 2020;110(9):1283–90.
Frakt AB. The rural hospital problem. JAMA. 2019;321(23):2271–2.
Kaufman BG, et al. The rising rate of rural hospital closures. J Rural Health. 2016;32(1):35–43.
Roni CR. Rural hospitals are shuttering their maternity units, in The New York Time. 2023.
Robin Warshaw Health Disparities Affect Millions in Rural U.S. Communities. 2017.
Health Care Industry Cybersecurity Task Force. Health Care Industry Cybersecurity Task Force: report on improving cybersecurity in the health care industry. 2017; https://www.phe.gov/Preparedness/planning/CyberTF/Documents/report2017.pdf.
Meit M. Exploring strategies to improve health and equity in rural communities. NORC Walsh Center for Rural Health Analysis: Bethesda, Maryland, 2018.
Davis J, et al, Rural America at a Glance: 2022 Edition. Amber Waves:The Economics of Food, Farming, Natural Resources, and Rural America, 2022. 2022.
Mell HK, et al. Emergency medical services response times in rural, suburban, and urban areas. JAMA Surg. 2017;152(10):983–4.
Nataliansyah MM, et al. Beyond patient care: a qualitative study of rural hospitals’ role in improving community health. BMJ Open. 2022;12(3): e057450.
Brenton Smith T, et al. The impact of rural hospital closures on emergency medical services transport times. Online J Rural Nurs Health Care. 2022;22(1):26–41.
Carrie Henning-Smith MM, Dori Cross D, Adrita Rahman MPH, Challenges to admitting residents: perspectives from rural nursing home administrators and staff. inquiry: The Journal of Health Care Organization, Provision, and Financing, 2021. 58.
Klugman CM and Dalinis PM, Ethical issues in rural health care. 2008: Johns Hopkins University Press.
U.S Senator for New Hampshire. Senator Hassan highlights cybersecurity needs of NH rural and smaller health care providers. 2023; https://www.hassan.senate.gov/news/press-releases/senator-hassan-highlights-cybersecurity-needs-of-nh-rural-and-smaller-health-care-providers. Accessed 19 Mar 2023.
U.S. Senate Committee on Homeland Security & Governmental Affairs, t.C., In Need of a Checkup: Examining the Cybersecurity Risks to the Healthcare Sector U.S. (testimony of Greg Garcia). 2023: Washington, DC, .
McKeon, J. How rural hospitals can tackle healthcare cybersecurity risks. Health IT security, 2022.
Office for Civil Rights, U.S.D.o.H.H.S. Breach Portal: notice to the secretary of HHS breach of unsecured protected health information. 2022; https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf. Accessed 1 Jan 2023.
HHS Office for Civil Rights. Breach notification rule. https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html. Accessed 17 Feb 2023.
The Office of the National Coordinator for Health Information Technology, Chapter 7: Breach notification, HIPAA enforcement, and other laws and requirements. 2022. p. 56–62.
American Hospital Association (AHA), AHA 2021 annual survey database, A.H.A. (AHA), Editor. 2021.
U.S. Health Resources & Services Administration defining rural population 2018. 2023.
Hilbe JM. Modeling count data. Cambridge: Cambridge University Press; 2014.
Gardner W, Mulvey EP. Regression analyses of counts and rates: Poisson, overdispersed Poisson, and negative binomial models. Psychol Bull. 1995;118(3):392.
Ver Hoef JM, Boveng PL. Quasi-Poisson vs. negative binomial regression: how should we model overdispersed count data? Ecology. 2007;88(11):2766–72.
team, p.d. Python data analysis library. (n.d). http://pandas.pydata.org/. Accessed 23 Oct 2023.
Langlois PH, Canfield MA, Swartz MD. Poisson versus logistic regression in a descriptive epidemiologic analysis of data from a Birth defects registry. Birth Defects Res A Clin Mol Teratol. 2013;97(10):702–7.
Sroka CJ, Nagaraja HN. Odds ratios from logistic, geometric, Poisson, and negative binomial regression models. BMC Med Res Methodol. 2018;18(1):112.
Author information
Authors and Affiliations
Contributions
G.M.C. handled all aspects, including writing, data collection, statistical design and analysis, and interpretation of the data. J.S. played a key role in conceptualization, statistical design, and providing critical insights that shaped the research direction and contributed to the manuscript review process. J.L. and J.P. provided thorough reviews of the manuscript, ensuring its coherence and alignment with the research objectives.
Corresponding author
Ethics declarations
Competing interests
The authors declare no competing interests.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Munoz-Cornejo, G., Sakowski, J., Lee, J. et al. Analyzing the urban–rural divide: the role of location, time, and breach characteristics in U.S. hospital security incidents, 2012–2021. Discov Health Systems 3, 38 (2024). https://doi.org/10.1007/s44250-024-00105-6
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s44250-024-00105-6