Large health care providers and teaching hospitals face a greater risk of having their medical records compromised by hackers, researchers say in a new study published in the Journal of the American Medical Association.

The researchers, including Ge Bai, an assistant professor at the Johns Hopkins Carey Business School, reviewed nearly 1,800 data breaches reported in the past seven years and found vulnerabilities increase with the size of a hospital.


"A fundamental trade-off exists," they wrote. "Broad access to health information — essential for hospitals' quality improvement efforts and research and education needs — inevitably increases risks for data breaches."

The study comes one year after hackers crippled the networks of MedStar Health, encrypted the records of hospital across its system, and held the information for ransom. Federal law requires hospitals to report breaches affecting at least 500 people. A database lists nearly 40 breaches against Maryland hospitals and providers since 2010.

More than 1,300 people were affected in a January breach of University of Maryland Orthopaedics Associates.

Someone accessed the network server of Bon Secours Health System in August, putting the medical records of more than 650,000 people at risk.

And when riots broke out after the death of Freddie Gray two years ago, vandals looted a pharmacy in Penn North, stealing about 150 prescription bags with patient names, addresses and medications.

Six months later, a laptop with patients names and records was stolen from a doctor at the Johns Hopkins Hospital, putting 571 people at risk.

"As the adoption of electronic record and health information technology rapidly expands, hospitals and other health providers increasingly suffer from data breaches," the researchers wrote.

Bai and two co-authors examined the federal database for their April 3 study. They found 257 breaches reported at 216 hospitals. Thirty-three of them were breached at least twice and many were major teaching hospitals.