I've worked with anonymized patient data in a litigation consulting context (in the U.S.). I worked at a small consulting firm nobody's ever heard of.
We worked exclusively on air-gapped servers behind several layers of physical security. Even encrypted data was never, ever sent over the public wire.
You don't connect sensitive data to the internet if a single breach is catastrophic. We talk about things like the Target hack as catastrophic breaches, but they aren't. You can change your password or cancel your credit card. You can't change your medical history - once public, it is always public.
We worked exclusively on air-gapped servers behind several layers of physical security. Even encrypted data was never, ever sent over the public wire.
You don't connect sensitive data to the internet if a single breach is catastrophic. We talk about things like the Target hack as catastrophic breaches, but they aren't. You can change your password or cancel your credit card. You can't change your medical history - once public, it is always public.