Minimal social engineering plus a weak network security infrastructure is a disaster waiting to happen for any major medical facility.
You forgot to mention probable political infighting. And maybe inexperienced leadership. My favorite snippet from the article is: Dr. John Halamka, the former emergency-room physician who runs Beth Israel Deaconess Medical Center's gigantic computer network. Is a physician, after years of medical school, internship, residency, etc. the right person to be in charge of a "gigantic" computer network? Are arteries and veins the equivalent of fiber and CAT-5? I'd love to be the Cisco rep selling $3 million of new network equipment to this guy. What is the probability that he as ANY idea what "spanning tree protocol" means?