[mapt]

What is my incentive, as a shareholder in a medical company, to demand functional, bulletproof security, and to hold on to no more data than I need, and to encrypt everything? I'm never going to suffer as a result of breaches. Nor are any of my staff. so long as evidence doesn't show that they did it deliberately.

A cryptocurrency business or a diamond business, by contrast, has very strict security protocols, because if they don't, all the value gets wiped out very quickly. The rules basically absolve the healthcare company of fiscal responsibility.

This update OP is posting about may require jumping through certain hoops, but it does not require functionality of those measures.