. Yet recent research co-authored by a Michigan State University business scholar found nearly 1,800 occurrences of large data breachesAttack.Databreachin patient information over a seven-year period . The study , by Xuefeng “ John ” Jiang , MSU associate professor of accounting , and colleagues from Johns Hopkins and Ball State universities , is published in JAMA Internal Medicine . The data breachesAttack.Databreachoccurred in health care facilities ranging from UC Davis Medical Center in California to Henry Ford Hospital in Michigan . “ Our findings underscore the critical need for increased data protection in the health care industry , ” Jiang said . “ While the law requires health care professionals and systems to cross-share patient data , the more people who can access data , the less secure it is. ” The researchers examined Department of Health and Human Services data for the period October 2009-December 2016 . By law , hospitals covered by the Health Insurance Portability and Accountability Act , or HIPAA , must notify HHS of any breach affecting 500 or more individuals within 60 days from the discovery of the breach .