http://money.cnn.com/2014/08/18/technology/security/hospital-chs-hack/ CNN story of 4.5 mil records of Community Health Systems - why would hackers want these records?
Because the records have ss#, names and addresses.
" But this time, the hackers stole patient data instead. Hackers did not manage to steal information related to patients' medical histories, clinical operations or credit cards. "
The patient data is supposedly protected by HIPAA, but it is only as good as the hospital network overseers.
And if the people in charge do not do the right things, like testing:
Then it does not matter... One has to have a Security policy with stringent controls, physical and electronic. Wireless and wired, Internet and corporate network, Cloud and office. It must all work towards the goal of protecting your data.