The following link was included in the most recent RISKS Digest.
I reckon that similar reasoning may apply to Internet-connected,
HIPAA-sensitive systems, even if well firewalled.
Banking's big dilemma: How to stop cyberheists via customer PCs
In online banking and payments, customers' PCs have become the
Achilles' heel of the financial industry as cyber-crooks remotely
take control of the computers to make unauthorized funds transfers,
often to faraway places.
"I wouldn't recommend banking online with Windows."