Thieves, hackers and careless workers have breached the medical privacy of nearly 32 million Americans, including 4.6 million Californians, since 2009. Those numbers, taken from new U.S. Health & Human Services Department data, underscore a vulnerability of electronic health records. These records are more detailed than most consumer credit or banking files and could open the door to widespread identity theft, fraud, or worse. Consider the case of Tustin-based GMR Transcription Services Inc. The Federal Trade Commission alleges that in 2011 a GMR subcontractor put transcribed medical audio files on a computer server that was then indexed by Google.