Because under US law, credit card companies are liable for the cost of credit card fraud above a nominal amount, they have strong incentives to continuously search for and attempt to block fraudulent transactions. I don't think there is any comparable legal driver that forces health providers to bear the financial cost of similar fraud from patient info loss, nor are they necessarily "in-line" to see the exploitation of information stolen from them. ...
Perhaps the significant difference here is that, with credit cards, the main usage is bogus charges that have an immediate monetary value. With the medical information, there's no specific dollar amount that's been "stolen"; the value is in who's willing to buy the information. This doesn't result in any specific charge against the medical corporation or the patient, so the financial system considers its value to be zero.
This is also what might make it difficult to fight. You can't just say that the medical corporation is responsible for any charges over $50, because there are no such charges in the patient's name. The only effective way of fighting the problem will involve the (mis)use of the medical data.
I've seen this comment from some Scandinavian sources, to explain an interesting curiosity: In recent decades, a lot of medical "advances" have come from Scandinavia, and what they've mostly had in common is that they started with study of accumulated medical records, what the statistics folks (including my wife ;-) call "data dredging". This has turned up all sorts of interesting correlations. Now, we can cue the "Correlation is not causation" mantra here, but in fact such correlations are often pointers to useful research, as people try to explain them.
The interesting part of this is the explanation of why this data dredging happens so much in Scandinavia. The explanation seems to be that the governments there didn't try to make the medical records very secret. Rather, they imposed serious financial repercussions to "misuse" of the data. Thus, here in the US, expensive medical problems (e.g., a positive HIV test) typically result in loss of job and permanent unemployment. In Scandinavia, firing an employee because of expensive medical problems can result in serious fines against the employer. So employers have an incentive to find good medical help for employees instead of firing them. (The fact that medical services aren't charged to employers also helps.)
I haven't seen much discussion of this outside of Scandinavian sources, though, and there might be a lot more going on. But there is definitely a problem in the US, where medical data is a valuable commodity that can be used for all sorts of anti-social (and anti-individual) purposes for profit. But the medical industry doesn't suffer when this happens, so they have little incentive to "waste" resources preventing it.