From what I've seen, a lot of data leaks occur due to either design issues (insecure API endpoints, etc.) or just carelessness in handling passwords and authorization - something that encryption may or may could have prevented. IMO the real issue, that is very easy to solve, is the keeping of unnecessarily large amounts of personal data. The value of knowing SO MUCH about people does not completely outweigh the risks involved in my opinion. May not be relevant in this specific case, since it's about a hospital - but with any other actor, there is very little value added in keeping track of every little detail about us.