Healthcare companies keep patients’ personal and financial data.Many patients use online payment options, which means their records may have information such as bank accounts and debit/credit card numbers.
Healthcare companies keep and share patient records. As part of the Affordable Care Act, healthcare providers are required to maintain their records electronically and share the data with other healthcare providers.
Healthcare companies are a soft target. Companies in the healthcare industry are more focused on regulatory compliance than security.
I think this article is good starting point for new big discussion: is healthcare going to be the next primary hacking target as the focus is being moved out of PCI which is slowly but surely transitioning towards more secure technologies such as EMV, P2PE, and Apple Pay? Anyway, I like this break down of the problem: