It is worth remembering that hackers trespass into private property, be that property a military, personal or NHS computer. If A steals X from B we call it theft. Yet by accessing data to which he is forbidden or ought to know he is forbidden access, is theft, however one likes to dress it up. It would be one thing had he accidentally accessed private property, but my understanding is that he did so willfully. He thought he was above the law. The crucial question is surely whether his willful act was the consequence of rational intent or the result of mental illness. If the latter, he should be treated. If the former, he should be punished. When hackers access your bank details you don't question if, typically he, ought to be punished.
Now diverging onto the issue of NY courts refusing to extradite IRA terrorists, we could of course have followed their example, finding a misplaced comma or the wrong colour ink being used as a (frivolous) ground for rejection. Personally I think he should be extradited. Like the bankers who expected a very short custodial sentence if they were prosecuted in the UK, but were fortunately (despite protests from fellow bankers who hoodwinked the public into backing their case) extradited and punished. Those who expect trivial sentences because they happen to belong to a profession or come from the similar social strata as the judiciary and those who believe that their criminal activity is somehow OK because it takes place in hyperspace are wrong and should face the same treatment as ordinary people. Remember, there is little moral difference between distributing child pornography and hacking. They are legal relatives.