When criminals try to blackmail a company, law enforcement agencies are usually called. Criminals, though, have been more successful at demanding money form individuals to keep sensitive information private, he said.
"We're never going to read about these blackmail and extortion attempts that occur as result of these breaches and it's happening all the time," said Schmidt.
Security researchers have raised the possibility that the Chinese government played a role in the Anthem and Premera breaches. The attack methods used in both hacks have been linked to a group called Deep Panda, which has ties to that country's government.
If a government is behind the attacks, it may not be looking for financial gains or even be interested in health care data, said Schmidt.
"However, they may care about some of the indirect side effects," he said.
For example, a government may indiscriminately collect data assuming that it will eventually find useful information. Governments could also use attacks against Western companies as training exercises to learn how IT systems work. Many businesses use the same technology so their IT infrastructures share similar setups.
"There's a lot of knowledge that's transferable from mucking around a big firm," he said.
Sign up for CIO Asia eNewsletters.