I worked on an enterprise product in the 2010-2014 timeframe. We were a huge enterprise company that got acquired by an even larger one; all of our customers were on the Fortune 500.

Our product supported IE7 at the time and let me tell you kids... that is trouble you've not known.

I got so fed up I just said I wasn't going to look at IE7 bugs anymore and wasn't going to invest any time in it. My decision snowballed and eventually that snowball led to dropping IE7 support across the whole organization. It turns out everyone hated it.

Sometimes you've just got to push for it and tell customers that's what you are doing whether they like it or not. We just told our Fortune 500 customer base IE7 support was dead, get over it. And they did.

The same way we convince any other industry? Don't provide new features to old browsers. Include the costs of doing business with older browsers accurately enough in your support contracts (especially don't undervalue your time, workarounds, polyfills, etc). Find ways to help your clients with upgrade assistance (are there IT contractors you can recommend to your clients that they might hire for short term upgrade projects, such as maybe helping them upgrade vendors who are possibly even your competitors?). And so forth, anything to better help your clients understand (and incentivize) not just the obvious security risks but the economic trade-offs in supporting older tools/languishing in the supposed "easy" status quo.

I can't tell you where the magic ROI line is for you. Maybe you have to make the hard choices like "If we go this route [only evergreen browsers], we lose ~16% of our customers immediately, but we add X% feature/stability/maintenance improvements to our remaining ~84% customers, and hopefully one day we'll see at least some of those 16% come back to us the next time they get a chance to upgrade, likely in Y years." It's a business decision, and you don't always have to meet customers where "they are", you can make the tough calls and ask your customers to meet you in the middle. How angry that might make them, and how much business you might lose, is always going to be something you have to determine with your market in mind.

Its not just YOUR product though - its the entire suite of products that medical institutions use. Be it the EHR, the patient management, the radiology, the cardiology system - each one deals in IE11 instead of a more modern tech stack. So if you end up being the outlier your product is more than likely going to end up being cut in preference for something with fewer features even.

It's certainly not an easy bootstrap problem (by way of a mexican standoff). It's possible many of those projects individually are just waiting for the first to take the first risk and move forward so the rest can just claim to be following someone else's lead. To badly mix metaphors: a rising tide floats all boats, it's just sometimes you have to be the first to remove your finger from the dyke to raise the tide.

Like I said, it's always going to be a calculated risk, and I mentioned that losing customers is certainly a risk involved. Sometimes a small loss of customers is an acceptable risk.

There are mitigations for such risks such as making sure that "fewer features" alternative is your own (at the right maintenance costs), but also including taking things to standards/regulatory boards. Using out-of-date software is a HIPAA risk and an ethics risk. There are ways to convince HIPAA enforcement auditors and/or groups like the AMA that it is too much of a risk, or too unethical a risk and that some sort of upgrade horizon should be spread across the industry. That's not easy either, but it's not impossible, and it's probably a good idea in general in the long run (the regularity with which Day-0 vulnerabilities are disclosed would give a lot of weight to the risks of falling behind on software upgrades, for instance).

I'm working on a product that's directly targeting these customers. Just last week implementation had a call with a customer/potential customer about IE support. We just said no. They backed down.