This article argues that medical theatres and hospital systems should be treated as Operational Technology (OT) environments rather than traditional IT. It highlights how flat networks, embedded legacy systems, and an overwhelming focus on availability over security create critical vulnerabilities. The piece calls for a shift in governance, risk modelling, and procurement practices to align with the cyber-physical realities of modern healthcare infrastructure.