Cybercriminals increasingly are using stolen medical records for other types of identity theft beyond health-care fraud, including filing fraudulent tax returns.
Last year, almost 100 million health-care records were compromised, making them a hacker's No. 1 target, according to a report by IBM. Now, hackers have realized "you can use those profiles for normal fraud stuff," wrote one seller of medical records on a website shown to CNBC by IBM.
Hackers sell the medical records to other criminals on the so-called dark Web, a portion of the Internet not indexed by search engines. In order to access these websites, you need to download a special browser.
More than 30 breaches of health-care data involving 500 or more people have already been reported in 2016, according to the U.S. Department of Health and Human Services' Office for Civil Rights.