(no title)

> What do you think?

I don't understand why this apparently seems so obvious to you. I think I would need more information about the attack, the hospital's preparations for such an attack, and the legal and industry-standard security expectations for such a hospital.

The simple fact that an attack took down a hospital's computer systems is not sufficient to conclude that the hospital was negligent in its security. Surely a sufficiently sophisticated actor (e.g. a state) could take down the computers at most hospitals if they chose to.