[bagacrap]

It seems the biggest reason they're a weak spot is that the data they store make them a target. Retailers are also weak on security -- really, I wouldn't trust any company that wasn't a specialist in the space, i.e. finance and tech -- but most entities don't know so much about their clientele. Retailers don't need to keep as much info as they do (aside from profit motives), but hospitals probably do, so I can see this being a vulnerability that's never closed.

[sidlls]

The data they have are sensitive, but that's just the reason they're a target. They're a weak spot because of poor security practices, which is due to poorly managed IT organizations, which is due largely to the egos of administrative management and poor funding.

[chapium]

Honestly I have to completely disagree. Security is simply bad.

Hospital IT depts are pulled between many competing interests which lead up to this.