> If profit were the primary motive, wouldn’t you expect non-profit institutions (both healthcare and otherwise) to be in much better shape from a cybersecurity standpoint?
I will respond to that partially: where profit is not a primary motive, i.e. in countries where healthcare is public, it tends to be centralized on federal or regional level, and, as such, much of the IT and cybersecurity is a lower, shared cost incurred by the government.
So if I understand your point correctly, it’s not necessarily that removing the profit incentives directly improves the outcome but rather the improvement is attributable to a better economy of scale?
I will respond to that partially: where profit is not a primary motive, i.e. in countries where healthcare is public, it tends to be centralized on federal or regional level, and, as such, much of the IT and cybersecurity is a lower, shared cost incurred by the government.
Taking my native Poland as an example, there is a single country-wide portal available for patients (http://pacjent.gov.pl), as well as a single, centralized API for doctor/hospital software (https://cez.gov.pl/interoperacyjnosc/interfejsy/) and a bunch of helper systems (https://cez.gov.pl/projekty/nasze-systemy/project/rejestr-as...). Naturally hospitals would have their own 3rd party systems, etc., but the tendency is to unify everything, which logically reduces number of attack vectors.
Hopefully someone with a better experience in the field can attest to that.