[Indy9000]

I think a third party or minimum number of parties can be included in this trust network for exchange of information. Where as now (if the data gets public) there's no restriction.

This may not be the status quo of the medical system. But I'm willing to bet it wasn't conceived and put in place when breaches like this could happen frequently and the consequences were damning. Overhaul of the process is required. Just keep paying the Ransom/Hackers is not the only and meaningful solution.