I'd say more likely it's labs, hospitals, and other scientific stuff where you have to deal with old instruments cause lack of money. I'm fairly certain the military uses some other OS, I believe NATO uses Solaris for example.
Also that machine only works under very specific circumstances, so you fear changing anything in case your entire protocol breaks and you have to start from scratch.
As a former banker I can tell you that most ATMs run Windows NT 4.0.
However since the network is completely clamped down and the OS boots via network as well (no hard drives in ATMs), they are pretty secure.
I've also indeed seen some Windows XP terminals in use just lately - one in fact in a hospital my current company collaborates with - but it's isolated and used to run some sequencer that was never ported to a 64 bit architecture, and apparently doesn't run in compatibility mode either.
The current company that owns the old model installed in your hospital and sells the new version, bought the company that bought the company that made the version you have and can't update the firmware and code to work on a modern OS because all knowledgeable staff were lost in the buyouts.
The best they can do is sell you the new version that does the same thing your current working version does for $500,000.
Maybe they even have a new ecosystem that they want you to move to, because they don't make support/subscription revenue with the current stand alone server that moves the image or telemetry results from the machine to the viewing workstations and records database.
If the U.S. military is anything like it was in the 90s, they may very well still be using Windows XP for all kinds of things. My mother-in-law ran an army reserve center through the late 90s and they were using DOS machines well into the Windows era because the army wouldn't update their computers.
I highly doubt it. I work for a large bank, and it's all W10/11 due to the need for continuous security patches/currency updates. Large banks don't mess around with EOL software that has a risk of vulnerabilities
And medical.
Suppliers if CT, MRI and X-Ray gear are notorious for wanting to sell new gear and not providing software updates to work on new operating systems.
Mainstream support ended 15 years ago. Extended security support ended 10 years ago. The last version to have any kind of update at all was their embedded OS version for things like cash registers, with the last security update 5 years ago.
So it's wildly insecure against any new attacks targeting an OS that's largely used by major corporations, governments, and medical facilities that are juicy targets for theft and ransomware attacks.
It's moreso that they have some abandonware that only works on windows XP.
Windows XP itself is abandonware and you shouldn't use it in any other case, just use Linux if you don't like newer windows. You certainly aren't doing any photoshopping on XP nowadays so that's no concern.