For most people, concerns of personal medical data getting stolen, hacked or otherwise compromised are probably right up there with similar worries for financial data. And while cybercriminals target financial companies more often than any other industry, the medical industry attracts its own share too.

But unlike the financial industry, which knows it is targeted and has hence taken significant cybersecurity measures, the medical industry is still very largely vulnerable, according to a report by SecurityScorecard, a Google-backed online risk monitoring platform. The report, titled “2016 Annual Healthcare Industry Cybersecurity Report,” analyzed 700 organizations in the industry, including hospitals, insurers and manufacturers, between August 2015 and August 2016.

It found over 75 percent of the entire healthcare industry was infected with malware of one kind or another over the year. Within the industry, medical treatment centers ranked best with about 76 percent infection rate, while at 88 percent, manufacturers performed the worst. But given the difference in the number of manufacturers and hospitals, malware infections in medical treatment centers accounted for over 95 percent in the industry overall.

Part of the reason treatment centers have a high rate of malware is because they house a large number of Internet of Things (IoT) devices, which have wireless capabilities but are often low on security. If an IoT device is hacked, it can be forced not only to malfunction but potentially also be used as a gateway into the organization’s larger information system. Another factor making many healthcare facilities vulnerable is many of them have been around for a long time and have legacy infrastructure that hasn’t been securely updated or patched.

“Much like cybersecurity, the granular details of the healthcare industry are complex, change frequently, and can have significant immediate impacts on human lives. It is difficult, to expect everyone who is adept in one specialized technical skill set to be proficient in a completely new field. However, basic understandings of cyber security concepts are now required within the industry and should be part of standard medical training, especially as medical devices are now 'enhanced' with the capabilities to connect to the internet,” Alex Heid, chief research officer at SecurityScorecard, told International Business Times.

According to a report by PricewaterhouseCoopers, cybersecurity is among the top five concerns of the healthcare industry.

Medical records, while sensitive in of themselves, are often stored along with patients’ personal information, such as social security details, contact information and even financial data. And there is a huge underground market for this treasure trove of information. Another recent report by Intel Security said databases of healthcare records are being traded for up to $200,000 in the digital underground.