[ska]

This is true, and important (air-gapping isn't, for the most part, going to happen)

Specifically speaking to medical devices, there is a bit of systemic bias. Early hospital networks were isolated, and this led to some naive thinking about security (e.g. DICOM protocol has no auth provisions). Many early machines weren't connected to anything at all, then they were but only "safe" networks so not much care taken. Development lifecycles on complicated devices is incremental over sometimes even decades. But now hospitals etc. have lots of pressure to connect all the things, for all kinds of good and productive reasons, and air-gapping just isn't a realistic solution.

It's not an easy problem to solve, especially quickly.

You are starting to see some partial hardening of devices, which will probably be the practical solution.

[jacquesm]

More to the point: almost every safety device installed in medical systems can be over-ridden during emergencies.

So even if you can't normally access certain records or data, if you claim it is an emergency you suddenly can!

[ska]

This isn't true of most hardware devices at least - there are emergency shutdown procedures etc. But, to the original question, there isn't an "emergency override" that would let me change the dose or override the interlocks on received dose.

There are sometimes calibration modes or research keys that let you do odd things to, say, imaging machines. But there are also processes in place to disallow clinical use.