That was my first thought too. And why there is an anti-virus running? This equipment should not be connected to the internet nor some staff should plug-in a flash drive on the first place.
Could communicate with a gateway bridging a private medical devices network and a public network. That seems a reasonable way to provide control and access.