NEW YORK ( -- A study indicates an astounding 43% of identity theft cases last year were the result of medical identity theft. This occurs when criminals gain access to your medical files and use information to open accounts and make purchases.

The study points out the lack of security for electronic devices -- such as tablets and smartphones -- used in health care facilities.

"Despite concerns about employee negligence and the use of insecure mobile devices, 88% of organizations permit employees and medical staff to use their own mobile devices such as smartphones or tablets to connect to their organization's networks or enterprise systems such as email," says the Fourth Annual Patient Privacy and Data Security report from the Ponemon Institute.

Also see: ID Thieves Took Less Money Last Year>>

Most health care organizations that practice the "bring your own device" policy do not require employees to use anti-virus programs on their tablets and phones. This makes the devices vulnerable to high-tech thieves who want to steal information from the programs.

"More than half of [these] organizations are not confident that the personally owned mobile devices are secure," the report says.

What could the criminals do with your medical records? This depends on how much information is stored. In most cases, your full name, address and Social Security number are enough for hackers to create credit cards and open accounts in your name. They rack up as many charges as possible, then leave you to clean up the mess.

Ask your hospital, clinic, doctor's office or other medical facility about their security practices and take advantage of getting your free credit report every year from the three credit reporting agencies. It is in your best interest to take steps to guard against medical identity theft.

Bill Hardekopf is chief executive of

, which compares and rates more than 1,000 credit cards. He is the co-author of "The Credit Card Guidebook."