Comment by TheJoeMan

The issues are not technical, they are documentation and certification. Here is the specifications for medical device software [1] [2]. You can either keep using a legacy (windows-based) software package, or find the need to verify/validate the entirety of linux and all drivers and packages (software-of-unknown-providence aka. SOUP). You then have to devise a patching schedule/methodology, as right now you just tell the end user to apply the Windows security patches if they’d like. This is a high-cost that is hard to argue for despite the obvious advantages.

[1] https://www.iso.org/standard/38421.html [2] https://en.wikipedia.org/wiki/IEC_62304