This study quantifies the effects of mergers on hospital data breaches, disrupting care, leading to fatal consequences, violating privacy rights, and incurring significant costs to remedy. Using U.S. hospital data over ten years, I provide causal evidence that data breach rates double during hospital mergers. The results suggest high pre-signing online visibility contributes to the doubled data breach rates. Increased online visibility makes mergers more noticeable to malicious actors and raises external threats. Post-signing information system integration leads to technical challenges, which is another factor for data breach risks. Effective management can mitigate the data breach risks in certain types of hospitals. By contrast, I find no evidence that the experience or resources of large multi-hospital health systems reduce the data breach risks. The study discusses the implications of predicting and managing data breach risks for hospital managers, health IT leaders, and healthcare authorities.

Cloud services exist under a shared security environment with a dynamic nature; users trade fixed costs for variable costs over time and both cloud service providers (CSP) and users contribute to overall security. We investigate the nature of shared security in a dynamic game where users' security contribution takes into account both their users as well as competition with other CSPs. The Markov Perfect Equilibrium reveals the long-term time patterns of security of the cloud. In particular, we identify a novel form of time-path strategic complementary between usage and a CSP's Markov state of security. This implies cloud security is an unusual form of impure public good whereby individual contributions bolstering a CSP's security endow a selective incentive (private benefit) on others, rather than on the contributor alone. Since this increases usage, CSP vulnerability increases over time. At the same time, CSP competition on security may lead to both welfare improvements for users and lock-in.