Targeting healthcare organizations remains about as easy as shooting fish in a barrel. The industry has one of the lowest rates of data encryption and the security culture is severely lacking. Employee education remains poor, leading to a lot of costly mistakes in how patient data is handled.
Naked Security has written about the problem at length, and Sophos has done polling that makes the issues described above all too clear.
