Good God no! I get where you're coming from but you've clearly not worked in this field. Heath Care IT is a disaster that was CREATED by regulation written in a different era of computing. The whole industry is terrified of making changes because of the multi-year hoops they're forced to jump through to release them; you don't flog a horse for stopping when you pull on the reins.
The correct solution is to change the flawed thinking in our regulations that treats all changes as equally hazardous to patent safety. The government should be encouraging (the right) changes to be released more quickly -- punishing companies for following the rules won't fix anything.
I think there is fault on both sides. Can’t just punish the ransomware authors.
1) Security in healthcare is a shit show. If there are lots of open exploits, there needs to be a fast way for them to get fixed and the software vendors shamed on.
2) when someone discovers an exploit, they shouldn’t have to fight lawsuits. The response to security flaws should not be suppressing them but fixing them ASAP.
3) people shouldn’t have to lose lives to make a point that security is weak and you better pay up for disregarding it.
If the bad actors are halfway around the globe where they have zero jurisdiction, what can you reasonably expect US law enforcement to do? It's a bit like getting mad at police for not investigating your car getting broken into, because you left the windows cracked open.
9/11 also happened spectacularly in the middle of new york. Does that mean law enforcement tried to do something about Afghanistan? Was it the fault of airports to not do a thorough cavity search of each and every passenger?
Our life is to this day in many small ways runs on a contract that others are not trying to kill us. Security check or not.
The correct solution is to change the flawed thinking in our regulations that treats all changes as equally hazardous to patent safety. The government should be encouraging (the right) changes to be released more quickly -- punishing companies for following the rules won't fix anything.