Which is why...
When I have my MANDATED electronic medical record, I'd prefer it to be administered by a BANK. From the looks of it, they have a clue!
Remember, some of the medical devices are run by Windows 98 instances, and can't be updated (so it is said) unless they go through a bunch of hoops from the FDA to get it approved. So, the vendors just stand by and don't do much. Meanwhile the operator (health clinic, etc.) just connects it up the the internet, and some unsuspecting technician starts browsing the web, and the whole thing is compromised.
Now that WinXP is being cut off I suspect the same thing will happen there. So, one should be careful the next time you go in for an X-ray.