Re: FFS.
It's a lovely idea to airgap, but the reality is rather less convenient.
Take a simple example, a patient wants to make an appointment to see a specific specialist. In the air-gapped system, they send an email to the secretary on the internet connected system who responds, booking the appointment on the internet connected system.
They then need to move to the air-gapped system, and enter the details (with the inherent risk of copying details wrongly), into the air-gapped system, and book the relevant appointment. But what if in the meantime, someone on the internal air-gapped system has already booked that appointment slot?
Now they have to move back to the internet connected system, recontact the patient, propose a new time, and go through the whole rigamarole again. Massive time lost, that the secretary could be doing other things, or dealing with other patients.
Airgapping is great in certain environments, but in a public hospital where patients need to make appointments, doctors need to access medical records (likely from external sources), as well as access results from internal testing, and bring that data together into one coherent report, as well as all the other work that goes on in a hospital computer network, it is neither practical or possible to create an airgapped system to protect all patient data.
The best you can do is try and lock the system down as much as possible, with proper access levels, etc. and keep monitoring, monitoring, monitoring...