In a lab that does clinical work, replacing a single instrument could mean having to re-validate all the tests the lab does, update protocols, get inspections from regulatory bodies, etc... it requires people to spend large amounts of time not doing their "regular" jobs.
Designing a system that is secure is part of the job. Accurately estimating the total cost of ownership is also part of the job.
Ultimately project management and ownership is responsible, but they won't be interested if we don't make our expectations clear.
Downvoting these sort of opinions is just saying it's too expensive to secure some things. To me that means we can'tâ afford to computerize some things in the first place, at least not with the chosen tech stacks.
