Multiple reasons why somebody would target these servers (BTW: I was at the talk. Their video is at http://www.irongeek.com/i.php?... . )
Anyways, IMHO, reasons:
1) As a gateway into the hospital so you can pwn servers to DDOS others
2) As a gateway into medical records so you can better phish, or possibly blackmail your targets
I have an ssh honeypot analyzer at longtail.it.marist.edu at Marist College and it shows that the second most popular account after root is "admin", and that the most common account/password tried is ubnt/ubnt.
Anybody who's been paying attention knows that default passwords on home routers are high on the bad guy's list of accounts to hack.
A) It should only update bash
B) Also run yum -y update bash
C) This has been discussed for years, and the general consensous has always been it's better to not patch their systems (allthough I disagree with that. If you left your system open, you're just asking for somebody else to patch it for you, IMHO)
Anyone can do any amount of work provided it isn't the work he is supposed to be doing at the moment. -- Robert Benchley