Nan Clement
Nan Clement

Welcome to my website! I am a PhD candidate at University of Texas at Dallas in the Department of Economics.

I am on the job market during the 2023-2024 academic year.

I am working under the supervision of Daniel G. Arce, Catherine Tucker, Anne M. Burton, and Anton Soblev.

My research focuses on the economics of digitization with an emphasis on Healthcare Information Systems, Cybersecurity, Privacy, Cloud, and Competitive Impact of IS.

Prior to graduate school, I was a business data platform test engineer at China Construction Bank Supply Chain Finance Company and an assistant researcher at Investment Research Institute in Beijing. I hold an MS in Accountancy (Data Analytics) from University of Illinois Urbana-Champaign. I am an award-winning teacher with a wide range of teaching interests in Business Analytics, Cloud Platforms, AI, Platform Economics, Information Systems, Microeconomics, Digital Economics, Game Theory, and Healthcare Management.

A copy of my CV is available HERE. Email me at nclement@utdallas.edu

Job Market Paper

Abstract:

Data breaches in hospitals disrupt care, potentially leading to fatal consequences, violating privacy rights, and incurring significant costs to remedy. Mergers and acquisitions serve as an essential source of financing but also induce substantial management challenges. Using proprietary hospital merger records and archived data breach reporting from the Department of Health and Human Services from 2010 to 2022, I implement a stacked difference-in-differences estimation strategy to study whether and how hospital mergers increase the probability of a data breach. On average, the probability of a data breach in two years for pre-merger deals is approximately 3%, while for the hospitals undergoing the merging process, the data breach rate reaches 6%. The effect is robust to changes of the two-year window. The effect is robust in alternative control group constructions. The effect is also robust to the changes in sample size due to the data availability of the control variables and in how standard errors are clustered. Increased attention online one year before the merger deal is signed, identified with Google Trends score, causes a large increase in pre-signing hacks, especially in recent years through ransomware attacks. Such an effect does not extend to the post-signing period. The increase in post-signing hacks is due to the incompatibility of merging information systems. More complicated information system integration in multi-hospital systems leads to greater elevated post-signing breaches. Conversely, the complementary effect of organizational capital that improves internal risk control reduces the increase in data breaches. For example, mergers involving publicly traded hospitals can experience a decrease in data breaches during mergers. The dynamic analysis shows that the data breach situation during mergers is getting worse because of soaring cases of hacks, even though insider misconduct has become less of a problem since 2014. Recent post-signing hacks exhibit shorter attack cycles compared to conventional malware attacks. These faster cycles catch unprepared hospitals off guard before hospitals get integration in order.

Working Paper

Revise and Resubmit, Information Systems Research
Abstract:

Cloud services exist under a shared security environment; both cloud services providers (CSPs) and users contribute to overall security. We investigate the nature of shared security in a dynamic game where users' security contributions and cloud usage figure into their CSP's vulnerability. Furthermore, CSPs' own security contribution takes into account both their users as well as competition with other CSPs. The Markov Perfect Equilibrium reveals the long-term time patterns of security of the cloud. In particular, we identify a novel form of time-path strategic complementary between usage and a CSP's Markov state of security. This implies that cloud security is an unusual form of impure public good whereby individual contributions bolstering a CSP's security endow a selective incentive (private benefit) on others, rather than only providing a selective incentive to the contributors themselves. Since this increases usage, CSP vulnerability increases over time. At the same time, the CSPs' competition with security may lead to a welfare improvement, but the lock-in effect of security on the platforms shapes the CSP's security investment and, eventually, the security results.

Thesis Title: "Essays on Digital Economics"

Committee: Daniel G. Arce (Chair), Catherine Tucker, Anne M. Burton, Anton Sobolev

Methodology: Causal Inference, Econometrics, Observational Data, Game Theory

Topics: Healthcare Information Systems, Cybersecurity, Privacy, Competitive Impact of IS

Job Market Paper

M&A Effect on Data Breaches in Hospitals: 2010-2022
Broader Impact and Outreach: Interviewed by Greg Freeman from Healthcare Risk Management and potential industry collaborations
Abstract:

Data breaches in hospitals disrupt care, potentially leading to fatal consequences, violating privacy rights, and incurring significant costs to remedy. Mergers and acquisitions serve as an essential source of financing but also induce substantial management challenges. Using proprietary hospital merger records and archived data breach reporting from the Department of Health and Human Services from 2010 to 2022, I implement a stacked difference-in-differences estimation strategy to study whether and how hospital mergers increase the probability of a data breach. On average, the probability of a data breach in two years for pre-merger deals is approximately 3%, while for the hospitals undergoing the merging process, the data breach rate reaches 6%. The effect is robust to changes of the two-year window. The effect is robust in alternative control group constructions. The effect is also robust to the changes in sample size due to the data availability of the control variables and in how standard errors are clustered. Increased attention online one year before the merger deal is signed, identified with Google Trends score, causes a large increase in pre-signing hacks, especially in recent years through ransomware attacks. Such an effect does not extend to the post-signing period. The increase in post-signing hacks is due to the incompatibility of merging information systems. More complicated information system integration in multi-hospital systems leads to greater elevated post-signing breaches. Conversely, the complementary effect of organizational capital that improves internal risk control reduces the increase in data breaches. For example, mergers involving publicly traded hospitals can experience a decrease in data breaches during mergers. The dynamic analysis shows that the data breach situation during mergers is getting worse because of soaring cases of hacks, even though insider misconduct has become less of a problem since 2014. Recent post-signing hacks exhibit shorter attack cycles compared to conventional malware attacks. These faster cycles catch unprepared hospitals off guard before hospitals get integration in order.

Working Paper

Revise and Resubmit, Information Systems Research
Abstract:

Cloud services exist under a shared security environment; both cloud services providers (CSPs) and users contribute to overall security. We investigate the nature of shared security in a dynamic game where users' security contributions and cloud usage figure into their CSP's vulnerability. Furthermore, CSPs' own security contribution takes into account both their users as well as competition with other CSPs. The Markov Perfect Equilibrium reveals the long-term time patterns of security of the cloud. In particular, we identify a novel form of time-path strategic complementary between usage and a CSP's Markov state of security. This implies that cloud security is an unusual form of impure public good whereby individual contributions bolstering a CSP's security endow a selective incentive (private benefit) on others, rather than only providing a selective incentive to the contributors themselves. Since this increases usage, CSP vulnerability increases over time. At the same time, the CSPs' competition with security may lead to a welfare improvement, but the lock-in effect of security on the platforms shapes the CSP's security investment and, eventually, the security results.

Selected Works in Progress

Medicare Payment Reforms, Hospital Information Systems, and Merger Outcomes (with Amalia Miller and Catherine Tucker)

Merger Selection and Cyber Risk: Evidence from Panel Data Analysis

Fellowships, Grants, Honors, and Awards

WEIS’23 Best Paper Award, Charles C. McKinney Scholarship, DFW Research Data Center Grant ($10, 000), NBER 2023 Workshop of Digital Economics invited attendee, NBER 2023 Digital Economics Tutorial invited attendee, Irving J. Hoch Scholarship, Office of Graduate Education Research funding, NSF graduate student travel grant, Alfred P Sloan Foundation student travel grant, Betty Gifford Johnson Travel Award, NBER 2022 Fall Economics of Privacy Tutorial invited attendee, MIS Quarterly 2023 Reviewer Development Workshop invited attendee

Teaching Fields: Business Analytics, Cloud Platforms, AI, Platform Economics, Information Systems, Microeconomics, Digital Economics, Game Theory, and Healthcare Management

Teaching Award: The University of Texas at Dallas President's Teaching Excellence Award, 2023

Affiliation: INFORMS Early Career Teachers’ Network (ECTN) for OR/MS/Analytics Teachers

Teaching Experiences

Instructor of Record, ECON3310 Intermediate Microeconomic Theory Fall 2022, Spring 2022, and Fall 2021
    Average Evaluation: 4.81/5.0; GPA: 3.30/4.0

Comets to the Core Assessment Reviewer Spring 2023, Spring 2022

Teaching Assistant:ECON4385/ECON5397 Business and Economic Forecasting (R), ECON2302 Principles of Microeconomics, ECON3315 Sports Economics, ECON2301 Principles of Macroeconomics, ECON3312 Money and Banking, ECON2303 Principle of Microeconomics, ECON 6302 Macroeconomic Theory (PhD Core)

Courses Designed

Game Theory course for Computer Science and Information Systems, Ph.D. research seminar on Health Digitization

Teaching Certificates

Graduate Teaching Certificate (GTC) and the Advanced Graduate Teaching Certificate (AGTC) from the Center for Teaching and Learning (CTL) at UTD