I’ve actually seen medical offices setup similarly. Some random computer in a back office with all of their patient data on it, completely exposed to the internet, protected by nothing but a few firewall rules limiting the connections to a few IP blocks. Just so they can share information office-to-office for say… a root canal and dental crown to be done on the same day, but at 2 separate locations due to limited space.

I’d run out of fingers if I were to count the number of times I’ve seen similar setups, 3-4 toes would be needed at least.