One of the reasons we want to secure our network is to prevent the theft of data. The data we are most anxious about losing is the health or identification information of our patients. There are rules in Australia about when a data breach has occurred and what needs to be done.
Guidance is provided here .
The rules in the USA are more strict. Guidance is here .
Now most ransomware attacks are not motivated by theft of data but rather the extortion of a ransom. Even so, in the event of a security compromise, a framework must be used to determine whether a breach has occurred.