I can, sort of, agree that patient health data is sensitive and should be prioritised for protection over things like their shoe size. </snark>
However, it is interesting that the majority of enforcement actions against healthcare sector providers will be against the NHS, which means any fines are simply recirculating funds around the public purse.
So it will go like this:
NHS / Privatised trust scrimp money by not spending on security.
Data privacy is breached, ICO action eventually results in a fine.
NHS / Privatised trust then pay fine and go to government for more funding to ensure health care can be provided.
Government use fine to provide additional funds to the trust.
At each stage various leeches will be taking a bit of money out of the system without actually improving patient data security.
Such a wonderful world we live in.