Re: "a former business leader"
It's not just his condition, the offence is obviously not being treated very seriously. For one thing the plea bargain makes no mention of phones going offline being intentional, and I imagine the prosecution felt they'd struggle to prove it was. But the main factor is the US legal system's over-focus on financial damage in hacking cases. This case is a textbook example of one side of that:
"b. Section 2B1.1(b)(1)(H) applies because the amount of loss resulting from the offense(s) of conviction and all relevant conduct is more than $550,000 but less than $1,500,000, resulting in an increase in the offense level by 14.
...
d. Section 2B1.1(b)(18) applies because (i) the Defendant was convicted of an offense under 18 U.S.C. § 1030, and the offense involved an intent to obtain personal information and (ii) the offense involved the unauthorized public dissemination of personal information, resulting in an increase in the offense level by 2."
He's paying the $818k back so he's a good boy. The fact it was patient data at a medical facility barely registers in the sentencing.
(The other side of the over-focus problem is: 13 year old kid bungles into megacorp's system with no particular malice or profiteering in mind, megacorp overreacts spending $50 million on intrusion reaction. Kid gets buried)