[pksebben]

it's because the patients are running the sanitarium here.

the typical cost of legal actions pursuant to a data breach are so low, it doesn't make dollars or sense to give a shit about customer infosec.

It's not like we don't have perfectly capable people, or that the companies in question don't care about information security in general. For example, it's exceedingly rare to see a data leak that makes individuals or institutions look bad from a PR standpoint (like Snowden).

But customer data? why bother? what, are they gonna slap us with a million dollar class action? I'm quaking so hard in my boots my multibillion market cap is gonna fall off.