I used to work specifically in the healthcare space doing cleanup work for companies that had been recently breached. I think "huge fines" is quite an overstatement. The largest HIPAA fine in history for a data breach was for the Anthem hack, which was a leak of ~80 million records, and Anthem was fined $115 million. That's no small number, but at the end of the day it's still less than 5% of their yearly net income. And Anthem is a huge outlier: the second largest HIPAA fine in history was only ~$6 million. It's not exactly a huge deterrent for companies that want to ignore security.

In terms of the public exposure, you'd probably be surprised at how many healthcare insurers/providers have data breaches but you never hear about them because these companies know how/when to report it so that it ends up nothing more than a footnote on the back page of the local paper.
