HCA used to be very serious about their data protection policies, including real audits on their subcontractors. Not sure how they are now, but 5-10 years ago there was good reason I didn't hear about HCA leaking.
Nah. The level of attacks is through the roof now compared to then. And with so many more loose data access points, it's giant risk vectors everywhere.