> I think (right now) there isn't a way to really mass-target people illegally if you have their medical data. Blackmail requires some non-zero amount of effort per user.
I'm saying that's not really true anymore. These systems have patient email addresses and their medical histories. It's doesn't seem to me a big leap to automate ransomware. Hell, there's plenty of encryption-based ransomware schemes active right now and they involve needing access to the target's local PC. This doesn't even require that. One massive healthcare breach and anyone who can pull it down on bit-torrent can start going to town extorting.
I think it's something that's been a practical possibility for a couple-few years now. Just hasn't happened yet.
I'm saying that's not really true anymore. These systems have patient email addresses and their medical histories. It's doesn't seem to me a big leap to automate ransomware. Hell, there's plenty of encryption-based ransomware schemes active right now and they involve needing access to the target's local PC. This doesn't even require that. One massive healthcare breach and anyone who can pull it down on bit-torrent can start going to town extorting.
I think it's something that's been a practical possibility for a couple-few years now. Just hasn't happened yet.