Welcome to my website! I am a Postdoctral Associate at MIT Sloan.
I finished my Economics PhD under the supervision of Daniel Arce, Catherine Tucker, Anne M. Burton, and Anton Sobolev.
My research focuses on the Economics of Digitization with an emphasis on Health IT, Cybersecurity, Privacy, Cloud, and Responsible AI.
Prior to graduate school, I was a business data platform test engineer at China Construction Bank Supply Chain Finance Company and an assistant researcher at Investment Research Institute in Beijing. I hold an MS in Accountancy (Data Analytics) from University of Illinois Urbana-Champaign. I am an award-wining teacher with a wide range of teaching interests in Business Analytics, Cloud Platforms, AI, Platform Economics, Microeconomics, Digital Economics, Game Theory, and Health Economics.
A copy of my CV is available HERE. Email me at nanc@mit.edu
Job Market Paper
Data breaches in hospitals disrupt care, potentially leading to fatal consequences, violating privacy rights, and incurring significant costs to remedy. Mergers and acquisitions serve as an essential source of financing but also induce substantial management challenges. I study whether and how hospital mergers increase the probability of a data breach. Using proprietary hospital merger records and the archived data breach reporting from the Department of Health and Human Services from 2010 to 2022, I implement a stacked difference-in-differences estimation strategy to show that in the two-year window after hospital consolidation, incidents of data breaches in merger targets, buyers, and sellers more than double as compared to the pre-treated groups. The effect is robust to changes of the two-year window. The effect is also robust to the changes in sample size due to the data availability of the control variables and in how standard errors are clustered. The incompatibility of the merging information systems causes an increase in hacking in the post-signing period. Health systems, especially the large and experienced health systems, suffer greater such elevated post-signing breaches. In recent years, cyber attacks have shorter attack cycles than traditional malware attacks and catch hospitals that haven't gotten integration in order by surprise. The signaling effect that reduces hackers’ information asymmetry about the hospitals causes an even larger increase in pre-signing hacks, especially in recent years through ransomware attacks. Such signaling effect does not spill over to the post-signing period. Conversely, the complementary effect of organizational capital that improves internal risk control reduces the increase in data breaches. For example, mergers involving publicly traded hospitals can experience a decrease in data breaches during mergers. The dynamic analysis shows that the data breach situation during mergers is getting worse because of soaring cases of hacks, even though the insider misconduct have become less a problem since 2014.
Publications
We create a generalizable dynamic model for shared security on the cloud. Cloud platform competition on security lead to welfare improvement.