[flukus]

Was there something wrong with having a serial connection to another device that handled the reporting like every other machine?

>I am in no way justifying the lack of security but I think its important to understand that its unlikely to be opened up for a free for all connected to the public internet.

Considering hospitals and technology I don't think this distinction matters much. There only line of defense seems to be isolation but things like wireless devices are becoming more common.

[detaro]

> Was there something wrong with having a serial connection to another device that handled the reporting like every other machine?

From the manufacturer docs, that is the most common option for these things: https://www.miele.de/media/ex/hk/Professional/CSSD.pdf

Slightly cynical answer: In medical environments? Then the device on the other end of the serial connection is probably vulnerable and/or horribly outdated, either by being an embedded device made to the same (lack of) quality standards, or by being a desktop PC running Windows 2000, or software requiring to run as Domain Admin for no good reason, ...

[flukus]

I would hope it's one way link, so the PC may be compromised but the operation of the machine wouldn't be.