And the average profit per record is $20,000 -- compared to just $2,000 for regular identity theft.
"Generally, prices for stolen health coverage data are an order of magnitude greater than for compromised payment card data," said Don Jackson, director of threat intelligence at Charleston, SC-based PhishLabs.
One reason, according to an EMC white paper about healthcare cybercrime, is that medical information fraud takes twice as long to spot, and is difficult to address.
Bank accounts can be easily closed, and credit cards re-issued, but correcting medical records is a far tougher challenge.
The World Privacy Forum has a list of tips for consumers, which include requesting copies of insurance billing records on a regular basis, filing police reports when there are fraudulent charges, and taking steps to correct the records when discrepancies are found. However, the organization admits that some of this can be difficult -- in particular, police departments may not even accept a report on crimes outside their jurisdictions.
Meanwhile, many insurance companies do not have the kind of monitoring that credit card companies do to catch unusual behaviors or fraudulent transactions, said ID Experts' Gregg.
According to Gregg, there are three main ways that criminals take advantage of this.
There's the classic medical identity theft where fraudsters print up fake IDs and get medical care on your dime.
Then there's a more profitable billing fraud industry, where fraudsters set up fake clinics and bill your insurance provider for services and treatments you never received.
"It's like having a credit card that you can use to the limits of your policy, which is usually measured in the millions of dollars," he said.
Finally, your medical information can be used to order prescription drugs, which are then resold on the street for a steep markup.
"There are online pharmacies basically set up as pill mills," he said.
They don't care if the prescription itself is valid -- as long as the billing information is correct.
Basic credit monitoring services won't help, he added.
"It might show up as a hospital bill a year from now that you didn't pay," he said.
Gregg's ID Experts is one of the first companies to offer medical identity monitoring services to insurance companies, alerting individual account holders of any new charges on their medical records, and giving them an opportunity to immediately dispute those charges.
The service is currently used by Moda Health, an insurance company based in Portland, Ore., and is currently being piloted by two other firms.
The service is not available to individual consumers.
"We need the claims data feed from the payer to make it effective," he said. "We're trying to figure out how to offer it through other systems, but we can't do it today."