Date of Conferral



Doctor of Information Technology (D.I.T.)


Information Systems and Technology


Charlie Shao


Insufficient security and design strategies used during the analysis phase of medical device software development can lead to possible cybersecurity vulnerabilities with patient data. The purpose of this qualitative exploratory multiple case study was to explore strategies software developers use to implement security measures to protect patient information collected, sent, and stored by medical devices. The population for this study included software developers whose primary focus was on the security aspect of medical software in three software companies in the Baton Rouge, LA, area. The data collection process included semistructured interviews with 10 software developers and reviewing 16 organizational documents. The conceptual framework chosen for this study was the social shaping of technology, which aided in understanding how social, institutional, economic, and cultural factors affect technological decisions. An inductive analysis approach was used in this study to derive meanings and themes from participants experiences and triangulated with company documents to reach a comprehensive understanding of the research question. Prominent themes from data analysis included the security of medical device data, social influences on medical device security, establishing standard policies for medical device security, and factoring costs for medical device security. An implication for positive social change is that software developers who want to learn about similar issues and strategies to keep security breaches from happening in their organizations may be able to implement new strategies to limit cybersecurity vulnerabilities and the exposure of private personal health information.