No price or pain is too high...
There's no reason at all to keep either detailed personal identification data on the instantly available internet WAN network or all of our medical data such as diagnoses, prescriptions, etc. But, 'they' all do.
Even attacks like this do not faze corporate execs. Seems there is no price or pain too high to stop them from putting it ALL out there on the table.
The majority of OUR data should be buried on drives NOT accessible to the internet and so conversely only available locally. A real person via phone or in person could verify personal data or dig up summary medical data as necessary and distribute it via voice, real paper, encrypted text etc.
Maybe there would be pitfalls with some of that. But I am sure whiz kid security experts could devise a system much better than what we have now IF they were allowed to do it.
But, governments and corporations all want all the information at their finger tips. And so, it becomes available to criminals.