One of the drivers in hacking for monetary gain is the low likelihood of prosecution. Hence most hacking groups operate in countries that are out of reach of the targets law enforcement. So extorting/corruption is unlikely. Keep in mind good hacking groups are making anything up to millions of dollars, and are looking for least effort opportunities.
The question you ask - what wanker targets a health provider. A lot of ransomware doesn't explicitly target anybody, think of it like leaflet drop. They just drop a bunch of emails and see what bites. To some extent the processes are automated. So when you see these healthcare providers getting hit what has happened is some numpty has clicked on an email link which has led to the ransomware. The first the bad guys usually know about it is when they either get someone wanting to pay or their bots start exfiltrating large amounts of data.
A lot of ransomware systems operate as a service. So you have a guy that writes the code, then sells it to someone who distributes it to others who pay for it (there are usually options like rent it for a month, pay for the program outright etc). It all operates under a proper business model with support and all sorts of good shit. There is that much money involved.
Cert NZ have just released their latest report:
https://www.cert.govt.nz/about/quart...insights-2022/ , have a look at the incident categories. You can see in the actual "hacky" categories there is not much activity.