While I agree with your sentiment about doctors (after all, their expertise is medical (chemistry, bio), not technical). However, I am betting that your comment about hospital info security is borne from not having worked in such an environment.
Having run the IT side of a hospital's foundation, and having to interface with their network security, I can say that most definitely they are very competent with data security. Now mind you, this is in Canada -- but I doubt the competent sys admins are only born north of the border.
Hospitals (and the several sys admins I have known that run them) are very much on top of their game -- even the the point of being a pain in the ass to work with (which is both good and bad). Many doctors and nurses absolutely hated the arcane network security protocols in place, but they worked, and the hospital network maintained triple-9 uptime.
Take my anecdotal evidence with a grain of salt, but from my experience, hospital networks are QUITE secure.