This has always been one of my nightmares, and it came true:
A New Zealand medication charting platform used by numerous providers was hacked. But not only was it hacked, but the attackers also changed some patients' names to "Charlie Kirk," and changed other patients' records to "deceased."
There has been no report of any extortion attempt.
#MediMap started investigating on Sunday afternoon when problems were first reported.
"...Medimap...did not have two-factor authentication..."
--nurse in affected facility
Of course, it may have, but by a mechanism unknown to the staff. But usually those mechanisms are a downgrade to accountability for the sake of convenience, like allow-listed IP addresses.
@hal8999 Ya know, we can get into MediMap's security failures later, but there is no excuse for what morally bankrupt individuals did by corrupting patients' medical records.
Dissent Doe 
hal8999