Re: Microsoft being Microsoft then. Another day, another vuln to fix.
"2)Did it even need Windows or could it have just had a GUI that looked and worked enough like Windows that healthcare staff felt comfortable using it (IOW who cared if it couldn't run Office?)"
Originally makers of complex kit that needed to be computer driven had a number of choices. Some would be embedded controllers with their own specialist libraries. Another would be a mini such as a PDP8 or a Nova (I remember our lab having a Nova driving the X-ray fluorescence analyser on an SEM). Back in its glory days of being an instrument maker HP made an amazing variety of these for its own products.
The arrival of commodity computers and commodity OSs rendered that uneconomic. Any manufacturer taking the traditional route would have been priced out of the market. Even if they had they'd have ended up shipping kit that had even less long time support life - where are DEC and DG these days?
The trouble is that as the market for complex instrumentation matures the expected life of the product exceeds that of the computing side. Back in the '70s that XRF attachment might have become obsolete before the Nova was EoL, now a piece of equipment which represents a major investment might be expected to last well beyond the period for which the OS supplier is prepared to support their S/W and the computer H/W may outlast the S/W and yet not be supported by newer OS versions. In such instrumentation systems computer H/W is liable to be closely integrated with the rest of the instrumentation. I think the XRF was using the Nova's memory to replace what might have been an array of discrete counters in an earlier generation and the post by a_builder in a previous thread detailed some of the issues in medical imaging.
Perhaps a solution, at least with medical equipment, lies with the regulatory bodies. They could require a code escrow agreement for the OS code in order to gain approval. That would have required MS to escrow their code if they wanted to sell into that market so that someone else could take over support at EoL. For the most part FOSS already complies with that although vendors supplying drivers as binaries would need to comply or shut themselves out of that market.
For kit that needs certification upgrades are another problem. Any upgrade to S/W that operates the instrument would need recertification. Routine OS upgrades couldn't be applied without testing against a real instrument. Such S/W needs to be buffered against the wider hospital network.
This last event and the earlier attacks on US hospitals point to a need to reevaluate the way medical systems are certified. One aspect of this would be to require information systems, including the network facing aspects of imaging systems etc, to be re-certified every few years and part of that would be to require them to be running of S/W which was still within support life for the duration of the next certificate. That, had it been the norm, would have long ago weeded out system that still require ancient versions of IE; it would have driven suppliers to write standards compliant S/W from the start.