Companies have a responsibility to protect the information of their clients. In the case of healthcare facilities, it is mandated by the HIPAA law. This law dictates that your doctor cannot talk about your healthcare with anyone who isn’t involved or needs to know. They can’t even say that you are a patient of the practice. This applies to the hospitals too, not just individual practitioners.

Now imagine if a major hospital system is breached and someone access their records. They now have the names of hundreds of thousands, if not millions, of people who sought care at that hospital, their diagones, their treatment and medications, their address and contact information, etc. This is all information that the hospital had a legal obligation to keep private.

Nobody can prevent 100% of breaches, but if it was found that the hospital’s policies didn’t meet certain standards, they will be slapped with hefty fines and penalties for their negligence.