[Balgair]

> not to mention software updates.

Updates of any sort to the SW are generally very difficult to do. The certification process for any medical device is hard enough, let alone for implants, let alone for life-critical implants, let alone the recertification process for an already implanted life-critical device. This is why you'll see sonogram machines running XP still, completely disconnected from the larger internet [0].

The questions listed are mostly already considered and have many mitigation strategies per the regulatory agency in charge. There are many other questions that people like the FDA demand answers to.

One thing about the business side is that risk/reward ratio. In medical development, FDA authorization typically occurs at the 10-12 year mark for a product (though it varies widely). Meaning that your start-up only gets the go-ahead to make money after about a decade of investment. That said, once you get to sell, you have an effective monopoly on the market. Hence the costs of new drugs and devices being so insanely high; it's that risk/reward imbalance on the business side.

[0] Another reason why IoT medicine is very difficult, among many.