From ARS Technica:
“This large-scale compromise of an aging operating system highlights the risks posed by leaving such systems in operation,” Martin Lee, a threat intelligence technical lead in Cisco’s Security Intelligence Operations group, wrote. “Systems that are unmaintained or unsupported are no longer patched with security updates. When attackers discover a vulnerability in the system, they can exploit it at their whim without fear of it being remedied.”
The security problems discussed in the linked article are similar to the issues dentists face with Windows XP. Unmaintained or unsupported operating systems are a security risk.
The risk posed by an XP machine hidden behind an up to date server and firewall is minimal but there is a risk. In dentistry we have the added issue of HIPAA. It is a security breach if dentists fail to identify and fix a known security flaw.