Publications
Publications
Show Results For
-
All HBS Web
(108)
- Faculty Publications (38)
Page 1 of
38
Results
→
- November 2023
- Article
Federated Electronic Health Records for the European Health Data Space
By: René Raab, Arne Küderle, Anastasiya Zakreuskaya, Ariel Dora Stern, Jochen Klucken, Georgios Kaissis, Daniel Rueckert, Susanne Boll, Roland Eils, Harald Wagener and Bjoern Eskofier
The European Commission's draft for the European Health Data Space (EHDS) aims to empower citizens to access their personal health data and share it with physicians and other health-care providers. It further defines procedures for the secondary use of electronic...
View Details
- October 2023
- Case
Fortinet: Cybersecurity Pioneer Ken Xie Considers the Long Game
By: Tsedal Neeley, Jeff Huizinga and Emily Grandjean
Ken Xie, cofounder of cybersecurity giant Fortinet, faced a critical decision that would validate his leadership. Fortinet became the industry’s second-largest pureplay cybersecurity firm by developing differentiated hardware and investing in R&D. However, after a...
View Details
- September 2023 (Revised October 2023)
- Case
CyberArk: Fearlessly Forward in a Digital World
By: David B. Yoffie and Daniela Beyersdorfer
CyberArk was a leader in privileged access management and was an emerging leader in security identity. This case explores strategies in cybersecurity and whether big bets are needed to become a global leader.
View Details
- 24 Apr 2023 - 27 Apr 2023
- Conference Presentation
Diversity, Equity, & Inclusion: The Paradoxical Effect & Impact on Security
By: J. Carlos Vega, Hise O. Gibson, Nicole Gilmore and Larry Whiteside Jr.
Diversity, Equity, & Inclusion (DEI) is necessary to create the world class teams we need to defend against advanced threats and adversaries; however, the approach that most take often fails spectacularly. The panel challenges the current practices, the failings, and...
View Details
- March 2023 (Revised June 2023)
- Teaching Note
Ransomware Attack at Springhill Medical Center
By: Suraj Srinivasan and Li-Kuan (Jason) Ni
Teaching Note for HBS Case No. 123-065. In July, 2019, Springhill Medical Center (“SMC”) in Mobile, Alabama fell prey to a malicious ransomware attack that crippled the hospital’s internal network systems and public-facing web page. While the hospital rushed to...
View Details
Keywords:
Disruption;
Communication;
Communication Strategy;
Decision Making;
Decision Choices and Conditions;
Judgments;
Corporate Accountability;
Corporate Disclosure;
Corporate Governance;
Governance Controls;
Policy;
Employees;
News;
Cybersecurity;
Digital Strategy;
Information Infrastructure;
Information Management;
Internet and the Web;
Crisis Management;
Business or Company Management;
Resource Allocation;
Risk Management;
Negotiation Tactics;
Failure;
Business and Stakeholder Relations;
Attitudes;
Behavior;
Perception;
Reputation;
Trust;
Public Opinion;
Social Issues;
Health Industry;
Alabama;
United States
- March 2023
- Teaching Note
Ransomware Attack at Colonial Pipeline Company
By: Suraj Srinivasan and Li-Kuan Ni
Teaching Note for HBS Case No. 123-069. On the morning of May 7, 2021, Colonial Pipeline Company became aware that the company had been the victim of a malicious ransomware attack that had stolen and locked up company data. The extortionists demanded 75 bitcoins (worth...
View Details
Keywords:
Disruption;
Communication;
Communication Strategy;
Decision Making;
Decision Choices and Conditions;
Judgments;
Corporate Accountability;
Corporate Disclosure;
Corporate Governance;
Governance Controls;
Policy;
Employees;
News;
Cybersecurity;
Digital Strategy;
Information Infrastructure;
Information Management;
Internet and the Web;
Crisis Management;
Business or Company Management;
Resource Allocation;
Risk Management;
Negotiation Tactics;
Failure;
Business and Stakeholder Relations;
Attitudes;
Behavior;
Perception;
Reputation;
Trust;
Public Opinion;
Social Issues;
Infrastructure;
Distribution Industry;
United States;
Alabama
- March 2023
- Case
Ransomware Attack at Colonial Pipeline Company
By: Suraj Srinivasan and Li-Kuan Ni
On the morning of May 7, 2021, Colonial Pipeline Company became aware that the company had been the victim of a malicious ransomware attack that had stolen and locked up company data. The extortionists demanded 75 bitcoins (worth about $4.4 million at the time) in...
View Details
Keywords:
Disruption;
Communication;
Communication Strategy;
Decision Making;
Decision Choices and Conditions;
Judgments;
Corporate Accountability;
Corporate Disclosure;
Corporate Governance;
Governance Controls;
Policy;
Employees;
News;
Cybersecurity;
Digital Strategy;
Information Infrastructure;
Information Management;
Internet and the Web;
Crisis Management;
Business or Company Management;
Resource Allocation;
Risk Management;
Negotiation Tactics;
Failure;
Business and Stakeholder Relations;
Attitudes;
Behavior;
Perception;
Reputation;
Trust;
Public Opinion;
Social Issues;
Infrastructure;
Distribution Industry;
United States;
Alabama
- February 2023
- Case
Ransomware Attack at Springhill Medical Center
By: Suraj Srinivasan and Li-Kuan (Jason) Ni
In July, 2019, Springhill Medical Center (“SMC”) in Mobile, Alabama, fell prey to a malicious ransomware attack that crippled the hospital’s internal network systems and public-facing web page. While the hospital rushed to securely restore the network, medical...
View Details
Keywords:
Disruption;
Communication;
Communication Strategy;
Decision Making;
Decision Choices and Conditions;
Judgments;
Corporate Accountability;
Corporate Disclosure;
Corporate Governance;
Governance Controls;
Policy;
Employees;
News;
Cybersecurity;
Digital Strategy;
Information Infrastructure;
Information Management;
Internet and the Web;
Crisis Management;
Resource Allocation;
Risk Management;
Negotiation Tactics;
Failure;
Business and Stakeholder Relations;
Attitudes;
Behavior;
Perception;
Reputation;
Trust;
Public Opinion;
Social Issues;
Health Industry;
United States;
Alabama
- October 2022 (Revised September 2023)
- Case
SolarWinds Confronts SUNBURST (A)
On December 12, 2020, SolarWinds learned that malware had been inserted in its software, potentially granting hackers access to thousands and thousands of its 300,000 customers. General Counsel Jason Bliss needed to orchestrate the company response without knowing how...
View Details
- October 2022 (Revised September 2023)
- Supplement
SolarWinds Confronts SUNBURST (B)
Supplements the (A) case, describing actions taken by SolarWinds as well as by regulatory agencies in the aftermath of the immediate crisis. The case also includes reflections by SolarWinds managers on the choices they made with respect to disclosure, media relations,...
View Details
- October 2022
- Background Note
Note on Cyberattacks and Regulatory Regimes
Describes common types of cyberattacks on enterprises and their costs, as well as the fragmentary regulatory regimes through which U.S. states and regulatory agencies at the start of 2021 attempted to encourage disclosure of cyberattacks and to pursue enforcement...
View Details
- August 2022
- Case
Atlanta Ransomware Attack (A)
By: Amit Goldenberg and Julian Zlatev
This case describes the March 2018 Ransomware attack on the information technology (IT) systems of the city of Atlanta and the response by Mayor Keisha Lance Bottoms and her administration. The case includes a brief background on Bottoms and her young administration at...
View Details
Keywords:
Crime and Corruption;
Decision Making;
Cost vs Benefits;
Decision Choices and Conditions;
Decisions;
Ethics;
Values and Beliefs;
Government and Politics;
Government Administration;
Information Technology;
Cybersecurity;
Information Management;
Leadership;
Management;
Crisis Management;
Management Teams;
Negotiation;
Risk and Uncertainty;
Social Psychology;
Perception;
Personal Characteristics;
Perspective;
Power and Influence;
Society;
Public Administration Industry;
United States;
Georgia (state, US);
Atlanta
- August 2022
- Supplement
Atlanta Ransomware Attack (B)
By: Amit Goldenberg and Julian Zlatev
This case describes the March 2018 Ransomware attack on the information technology (IT) systems of the city of Atlanta and the response by Mayor Keisha Lance Bottoms and her administration. The case includes a brief background on Bottoms and her young administration at...
View Details
Keywords:
Crime and Corruption;
Decision Making;
Cost vs Benefits;
Decision Choices and Conditions;
Decisions;
Ethics;
Values and Beliefs;
Government and Politics;
Government Administration;
Information Technology;
Cybersecurity;
Information Management;
Leadership;
Management;
Crisis Management;
Management Teams;
Negotiation;
Risk and Uncertainty;
Social Psychology;
Perception;
Personal Characteristics;
Perspective;
Power and Influence;
Society;
Public Administration Industry;
United States;
Atlanta;
Georgia (state, US)
- 2022
- Article
Data Poisoning Attacks on Off-Policy Evaluation Methods
By: Elita Lobo, Harvineet Singh, Marek Petrik, Cynthia Rudin and Himabindu Lakkaraju
Off-policy Evaluation (OPE) methods are a crucial tool for evaluating policies in high-stakes domains such as healthcare, where exploration is often infeasible, unethical, or expensive. However, the extent to which such methods can be trusted under adversarial threats...
View Details
- May 2022
- Case
TikTok and National Security: Investment in an Age of Data Sovereignty?
By: Jeremy Friedman, Sarah Bauerle Danzman and David Lane
This case covers TikTok’s purchase of Musical.ly and the reaction of the United States government, including the review of the purchase by the Committee on Foreign Investment in the United States (CFIUS) and the reaction of the presidential administration of Donald...
View Details
- March 2022
- Article
How to Prioritize the Improvement of Open-Source Software Security
By: Frank Nagle
- 2022
- White Paper
Census II of Free and Open Source Software - Application Libraries
By: Frank Nagle, James Dana, Jennifer Hoffman, Steven Randazzo and Yanuo Zhou
Produced in partnership with Harvard Laboratory for Innovation Science (LISH) and the Open Source Security Foundation (OpenSSF), Census II is the second investigation into the widespread use of Free and Open Source Software (FOSS). The Census II effort utilizes data...
View Details
- March 2022
- Article
From Proprietary to Collective Governance: How Do Platform Participation Strategies Evolve?
By: Siobhan O'Mahony and Rebecca Karp
When platform leaders change the rules guiding who can access and control a platform, the strategies of those who create value from the platform can be upended. Little research examines how platform participants adapt their strategies when a platform leader changes the...
View Details
- January 2022 (Revised November 2023)
- Supplement
Uber in China (C): The Cost of Success for Didi
By: William C. Kirby and Noah B. Truwit
On June 30, 2021, ride-hailing giant Didi Chuxing (Didi) raised $4.4 billion in its initial public offering (IPO) on the New York Stock Exchange (NYSE), the largest IPO of a Chinese company listed on an American exchange since Alibaba raised $25 billion in 2014....
View Details
Keywords:
China;
Uber;
Didi Chuxing;
Start-up Growth;
Regulation;
Ride-sharing;
Transportation;
Business Startups;
Business and Government Relations;
Cross-Cultural and Cross-Border Issues;
Growth and Development;
Policy;
Competition;
Laws and Statutes;
Transportation Industry;
Technology Industry;
China
- September 2, 2021
- Article
The Digital Economy Runs on Open Source. Here's How to Protect It.
By: Hila Lifshitz-Assaf and Frank Nagle
Free and open source software (FOSS) is essential to much of the tech we use every day—from cars to phones to planes to the cloud. While traditionally, it was developed by an army of volunteer developers and given away for free, companies are increasingly taking a more...
View Details