Agreed. The organization would likely get fined for a breach, not the engineer. I work a senior IT role in healthcare and I've seen what breaches look like. I've never even heard of someone going to prison, let alone for what this story tells.
Yeah, to go to prison you have to really screw up, in a way that is malicious and willful. Though the CEO driving over to his MLM buddy with a thumb drive of PHI might do it.