This article is the perfect example of what I have been discussing with clients. In this case an employee was convicted of stealing patient information. This attack and loss did not occur from a remote hacker in the Czech Republic. This was right down the hall from the IT department. If you only watch the entrance then you are missing half the threats. People are motivated by all kinds of things decent people will never understand. Let's lock those exits so the decent people are not at risk.
http://www.scmagazineus.com/texas-insider-sentenced-to-15-years-for-medical-id-theft/article/181255/