Medical devices become increasingly connected and thus require security measures to ensure patient safety and data protection. However, such connected medical devices are often reported to lack basic security and to run on unpatched and outdated software. Thus, there is an increasing push to deliver security patches faster and more regularly to devices in the field. In this work, we empirically study current practices of patching connected medical devices by conducting 23 semi-structured interviews with participants from nine healthcare delivery organizations (HDOs) and three medical device manufacturers, also capturing data on actual updating practices for 25 specific medical devices. We find that delivering software updates to medical devices is an laborious and costly process for HDOs and manufacturers, as operational demands for medical use and an increasing need for infrastructure management put significant strain on involved stakeholders, thus rendering it questionable if conventional security patching will actually work in the healthcare sector without overwhelming it operationally and financially.