Identifying the incompetend IT security department responsible for this is likely pretty easy.
It is much harder to make the message heard that those in charge of taking care of sensible data are those putting people at risk. How the stuff gets stolen isnt very relevant if it has been stolen.
Healthcare data should simply not be allowed to be stored in a way where it can get lost. Period. If the people in charge can not guarantee that, then digital storage needs to be stopped immediately.
Agree. Hackers in this case ought to be treated as a force of nature and those responsible for security treated as though they had failed to put adequate "weather protection" in place.
