Ransom hackers encrypt medical centre's entire database

An Australian medical centre is reported to be considering paying a ransom demand of $4,000 AUD (US$4215) after blackmailers broke into the organisation’s servers and encrypted its entire patient database.

 If crime doesn't pay, why is this clinic considering making it profitable? Paying ransom only perpetuates the problem. Instead they should be spending the money on securing their systems. The clinic should be asking themselves:

1. Why should I make this crime profitable for the attacker? 
2. How do I know they will provide the password and instructions for decrypting the data? 
3. How do I know that if I decrypt the database, the data hasn't been tampered with? 
4.  If I pay the ransom, what is to stop them from increasing the demand lest they publish the data online?
5. What is a better plan for securing the systems and moving on? 

They already lost once. If they don't bite the bullet and move on, they risk losing again and again. They would also be giving the attackers valuable incentives for attacking more sites.