[Kalium]

Updates, remote monitoring and remote management all come to mind. Further, integration with other instruments is something that is sometimes considered valuable and difficult to do when everything is airgapped from everything else.

[jacquesm]

Updates should not happen while a patient is under treatment using the machine. Remote monitoring can be done through an airgap (one way optical bridge) that does not have the ability to influence the machine. Remote management while a patient is being treated sounds wildly irresponsible.

So maybe the system could be connected to the network except for when it is treating a patient. A big red slider with 'On Air/Isolated' could be present which would lock out the patient treating options as soon as the machine is networked. Now, this would still leave some gaps: an update could be faulty, a malicious actor could install something that triggers only after a while or when the machine is used to treat a patient. But it would remove a lot of the concern I have with equipment like this being online all the time.