Malware issues have often been trouble for long periods of time before their revelation to the general public according to various news items I've now and then encountered.
By way of example, we just received notice by mail here in November that our medical records had been exposed to hackers last spring. That was at least six months ago and six months before someone finally decided to tell us about it. Thus my long standing distrust of doing business on the internet which I consider to be inherently insecure.
My alleged paranoia seems to have been validated.
Being a plainclothes cynic, I cannot help but assert the following.
I am not comforted by any promise(s) that on-line security measures of any institution can be guaranteed to be effective based on a Corporate Retention Of Cryptographic Keys (CROCK). Such a system would be require a Numerical Units Transfer System (NUTS) which I would see as inherently insecure.
On the British television program "Yes, Minister", Nigel Hawthorne played the role of Secretary in the government's Department of Administration (DOA). I think that a similar operation in the US would probably be called the Department Of Official Facility Usage Services (DOOFUS).
In a more serious vein (Yes, medical records are a part of this.), any institution be it medical or financial or anything else might have the latest super-duper, top-of-the-line, extra-fine, rise-and-shine anti-malware resources themselves, but this kid is sitting with a mere desktop PC with an anti-malware installation (Norton, McAffee, Eset, WinZip, etc.) which gets updated every now and then, but is merely that one tool in which I do not have confidence in its impenetrability.
Publicized breaches aside, I am not willing to take that risk of breach right here in this room.