According to a recent report published by JAMA Internal Medicine, large hospitals affiliated with medical schools are more prone to data breaches. Researchers examined the Department of Health and Human Services’ statistics on data breaches reported by various health care providers from late 2009 through 2016. The data revealed that 216 hospitals reported a total of 257 breaches during that period. Thirty-three of those hospitals were breached at least twice. Four facilities reported three breaches each, and another two providers were breached four times each.

More than one-third of the affected acute care hospitals—52 of 141—were major academic medical centers. The affected hospitals were also larger, with a median of 262 beds, compared with a median of 134 beds at hospitals that reported no data breaches.

The statistics also reflected that at 24 of the hospitals that reported breaches, the information of at least 20,000 individuals was exposed. At six hospitals, the reported breaches impacted at least 60,000 individuals. One hospital system accounted for more than four million breached records as the result of two separate breaches.

“It is very challenging for hospitals to eliminate data breaches, since data access and sharing are crucial to improve the quality of care and advance research and education,” said Ge Bai, an assistant professor at Johns Hopkins Carey Business School, who led the research team. The best defense against a data breach is a good offense. Health care providers are encouraged to routinely train staff on best practices and to ensure that business associates are also taking precautions to mitigate the risk of a data breach. These measures apply to all companies, in the health care industry or not, that have access to their customers’ sensitive information.