Hacking medical data has become a booming business, and attacks against hospitals are up 600 percent in 2014, a security company CEO told CNBC.
The increase in data-sharing, and the growth of the Internet of everything may be good for medicine, but it's creating a security nightmare for the health-care industry, said John McCormack, chief executive of Websense.
"Medical information is incredibly valuable, it's where the money is at," he said. "There's been a huge spike in hospital attacks."
Read MoreHackers are coming after your medical records
One credit card number costs mere pennies on the black market, but one medical record can be worth about $100, making it a much more appealing target, he said.
In August, after a major U.S. hospital operator was breached and the personal information of 4.5 million patients was stolen, the FBI cautioned health-care companies to ramp up their security measures. But hospitals often lack the expertise to take such steps, McCormack said.
"Medical information is being dumped in the cloud and being accessed by doctors who don't have the first clue about security," he said. "It's an afterthought."
Read MoreFBI warning: Hackers targeting health care firms
The fact that medical devices themselves are increasingly connected to networks, but are rarely properly secured, is creating another vulnerability, McCormack said.
"Because these are life-saving devices, medical professionals are not sure the security systems can handle them and not disrupt them, so they are opting out. By doing this they are creating more holes for the bad guys to get in," he said.
"So it creates a vicious cycle of a lot of value, more attacks and a bigger attack surface. The Internet of things is creating more opportunity for these things to get through."