This is my paraphrase to an interesting security-related article here. Hospital IT Departments are impatient in applying the latest security patches not screened by device manufacturers and risk being in noncompliance with HIPPA requirements. Device vendors not releasing latest patches risk losing FDA certification. While this article deals primarily with M$ software in medical devices, the situation theoretically could involve FOSS.