"Typically, what we find are things like first name, last name, address, medical condition, whether they were a smoker, diabetic patient, perhaps even as intensive as, or invasive as whether they are HIV-positive or not," Porter said. "Some of the most intimate information about all of us potentially could be revealed if appropriate safeguards aren't put in place.
How Does It Get Out?
Many of the breaches occur through theft or hacking of a computer that contains medical records, loss of the records or unknown reasons.
Security professionals are seeing an increase in theft via the "insider threat," Porter said.
"It's a depressed global economy," Porter added.
Thieves might approach medical staff and offer upward of $500 per week for providing 20 to 25 insurance claim forms, medical records or health financing records, Porter said. Those documents fall under HIPAA security rules and are considered protected health information.
In June, a hospital medical technician at Howard University pleaded guilty to selling patient information, including names, birth dates and Medicare numbers, for $500 to $800 per transaction for more than a year.
In August, a hospital employee at Florida Hospital Celebration was arrested for accessing more than 700,000 patient records in two years.
According to the FBI, Dale Munroe accessed car accident victims' date and sold it to someone who passed it on to chiropractors and attorneys.
And this week, the University of Miami Health System said that two workers had "inappropriately" accessed patient data and "may have sold the information to a third party."
On the black market, "health information is far more valuable than Social Security numbers," said Dr. Deborah Peel, founder and chairwoman of Patient Privacy Rights.
ABC News' searches found one seller offering database dumps for $14 to $25 per person. After a quick email inquiry into the sale of records, ABC News was sent, unsolicited, 40 individuals' private health information, including their names, addresses and body mass index.
Another inquiry yielded an offer of more than 100 records that, if purchased, would have included everything from Social Security numbers to whether someone suffered from anxiety or hypertension, or even their HIV status.
ABC News contacted patients from one of the lists to see if they knew their information was being sold over the Internet and if they had consented.
One victim named Rafael said he had not "recalled" giving anyone permission to sell his information.
"I'm appalled, I'm disgusted and I'm very much concerned," Rafael said. "Who's giving out my personal information like that? I thought there were security and safeguards for these things. I thought … your medical records are confidential."
Who Uses This Information?
Purchasers of private medical information could use it for medical fraud.
More than 50 million people in the United States didn't have health insurance as of 2010, according to the U.S. census. That has led to a surge in medical identity theft as a means of obtaining medical care, Porter said.
However, corporations, including pharmacies, drug manufacturers, insurance companies and even hospitals, also might purchase the medical information.
Pharmaceutical companies often use it to better target their consumer, Porter said.
"They've spent years of research and development looking for a particular product to treat a certain patient condition -- diabetes, for example," Porter said. "So they would have an interest in knowing, perhaps, who some of these patients are. Why? So maybe they can customize some marketing efforts and some detailing specific to that patient demographic to help sell their medication, ultimately."