Medical Record handler for the US Navy
Airman Lauren Thurgood of Las Vegas, Nev., pulls patient medical records in the inpatient ward aboard the aircraft carrier USS Kitty Hawk in 2004. These medical records are safe. Are yours? U.S. Navy

Financial crime is probably one of the last things people have on their minds when they go to the doctor’s office. Every day, millions of Americans fill out forms in waiting rooms and surrender troves of personal information without thinking there could be an identity thief lurking among the stacks of a records-keeping room.

But as one U.S. National Guard major in Alabama recently discovered, medical records aren’t exactly 100 percent secure from criminals seeking to crib Social Security numbers and other valuable data and sell them to organized criminals who bankrupt their victims.

"It has been a struggle, and it has been very damaging," Zane Purdy told the Montgomery Advertiser about his experience being the target of identity theft that cost him his security clearance at defense contractor General Dynamics Corporation (NYSE:GD) and, for the same reason, his National Guard position.

Purdy now works for minimum wage as a restaurant waiter in Trussville, according to the paper. His properties have liens on them; his wife had to drop out of her nursing studies. In short: Purdy is living the American Nightmare of financial fraud. The U.S. Attorney’s Office and the IRS are assisting Purdy in undoing the damage.

Last week a judge sentenced Angeline Austin, 41, to five years and five months in prison for stealing more than 800 names, including Purdy’s, from a medical center in Troy, Ala. The U.S. Attorney’s Office 22-count indictment filed last year says Austin worked for Southern Records Management’s Montgomery office, which had a contract with Troy Regional Medical Center.

The U.S. attorney said Austin then sold personal data “to another person” who used them to file fraudulent tax returns, defrauding the taxpayers out of $1.6 million.

In another recent incident reported to the nonprofit Identity Theft Resource Center, which seeks to help people like Purdy recover their lives from the crippling repercussions of identity theft, an unidentified person called to say his medical identity had been stolen. He learned of the breach when he tried to refill a prescription.

"Someone else was using his information to obtain prescriptions at a well-known national retail pharmacy," Eva Velásquez, president and chief executive officer of the ITRC, told financial publisher bankrate.com.

According to the Federal Trade Commission, Americans reported 279,156 cases of identity theft in 2011. (The figures for 2012 will be out later this month.) Out of them, only about 6,100 were linked to medical records breaches. But could these types of scams be rising?

According to the ITRC, 22 of the 50 identity theft incidents it identified in the first 36 days of 2013 were categorized as linked to medical institutions or health care companies. And these 50 breaches could have affected as many as 248,503 people. Last year, the nonprofit identified 447 total breaches (in all categories) that could have affected up to 17.3 million people. If that doesn’t make your heart skip a beat, perhaps you should see a doctor.