Agreed but the biggest threat is people at companies, hospitals etc. clicking on email links from people, companies they don’t know or use simple passwords.
Some of it, as we recently experienced, is from inside employees using and selling patient’s data.