For the first time since The Identity Theft Resource Center started tracking data breaches in 2005, healthcare has topped the list of industries responsible for the largest percentage of data breaches.

Of the 614 breaches the ITRC tracked across all sectors and industries last year, healthcare accounted for 43.6 percent. This was the first time in eight years it overtook the business sector, which accounted for 33.9 percent of last year's breaches.

The increase in reported healthcare breaches can be partially attributed to the Health Information Technology for Economic and Clinical Health Act (HITECH Act), which made it a requirement for organizations to report all breaches affecting 500 or more individuals.

The rise is also due to the fact that data thieves are recognizing the value of healthcare data while physicians underestimate the threat of a breach, said Karen Barney, program director with the ITRC.

Of the healthcare breaches that occurred in 2013, the largest percentage were caused by insider theft at 7.2 percent; this is up from 2.8 percent in 2009. Breaches caused from hacking rose from 1.6 percent in 2009 to 4.6 percent in 2013.

According to the World Privacy Forum, a stolen medical identity has a street value of $50 compared with an estimated $1 thieves can expect to fetch for a stolen social security number. Given the value, there is clear motivation for thieves to go after patient data. Stolen medical identities can also be used to obtain medical treatment, putting victims at risk of their medical files containing erroneous information.

There's a great need for more awareness among medical professionals as thieves are regularly coming up with new ways to access the data, Barney said.

"These guys are just always one step ahead," she said.

As practices implement ways to protect their patients from identity theft, they shouldn’t forget their younger patients, warns Experian, the global information services group that is one of three major credit monitoring agencies in the U.S. In its 2014 Data Breach Industry Forecast report, Experian said children have a 51 percent higher chance of becoming a victim of identity theft than adults.

Children, whose information can be changed just enough for thieves to obtain credit in their names, offer thieves a clean slate when it comes to credit history. The theft often goes unnoticed for a long time since proactive credit monitoring of children isn't typically done.

In addition to normal data protection strategies, physician practices can take it one step further for children by being selective about the information they collect, particularly social security numbers, said Rob Griffin, director of public education for Experian.

"Think about the kind of information you collect and whether or not you need it and why you need it," Griffin said. "If there are regulatory reasons to keep that information, then you certainly should. But if not, maybe you don't need to collect it."

When developing breach response plans, practices should also include children in any credit monitoring that is offered when a breach has occurred. Ideally, children will not have a credit report on file. If they do, that's a problem, Griffin said. Monitoring for the creation of a credit file will help mitigate damages if a child's identity is stolen.

The best course of action is creating a secure environment so that breaches don’t occur, Griffin said. And one thing practice owners tend to do is underestimate the risk of inside jobs.

Barney agrees: "There is a high level of apathy."

Many practices don't think about best practices until after they have experienced a breach. They fail to adopt basic data protection measures including encryption, strong passwords, role-based access and mobile device use guidelines, she said.

Experian predicted in its report that 2014 will be a big year for health data breaches. According to Barney, it's already off to an active start. She has tracked 92 breaches so far this year, and healthcare is still in the lead at 43.5 percent.