It really depends on the type of security app that is used. Every type of situation is different, so there is a choice of what type of security software is best suited for each particular case. In hospitals, I presume it has different configurations on how to handle matters of security. So, again, it depends on the IT department that has control over these matters. Panda Adaptive Defense, Kaspersky' Endpoint Security, etc., might not be suitable with that kind of environment, so the IT department must choose a security software that suits the hospital environment.It will and it does. It's a dynamic environment. Sick people are getting analysis results on flash memory and cds, all with different apps. There's not an IT department in the world that will FIRST invite the patient to their PC and whitelist the app, propagate the changes and send the patient back to the doctor. I work at one of those institutes, i know.
It's not one size, fits all, after all. I'm not saying that there won't be problems. There will be. But the security software must always be suited to the specific type of environment.