[sidlls]

Agreed with this. IT in hospitals is perpetually underfunded and basically a playground for creatures of corporate politics. Between administrative staff who think their medical credentials qualify them to micromanage IT decisions and perpetually under-funded departments I'm actually shocked that their systems aren't regularly crippled or destroyed by malicious entities.

Don't assume your medical data is secure. Systems that conform to HIPAA regulations are just one part of their computing infrastructure, and it's trivial to maliciously access a huge surface area outside of those specific pieces of hardware and software--and once a malicious actor has that access, it's not too hard to cross the gap.