this is probably machines that handle special hardware.. like MRI, ECG, or monitor for vitals like pulse, blood pressure, blood oxygenation or other stuff like that..
Those machines need to be certified as a whole package and this include the computer that will control it.. and once you certify you cannot make changes to the package without having to certify again..
So you certify the machine with that software on it.. that specific kernel version, that specific libc version and so on.. if you change anything you need to get a new certification..
and now those machines are no longer air gapped because hospitals want to be able to remote monitor the patients vitals from a central nurse station..
> and once you certify you cannot make changes to the package without having to certify again..
Oh you are so naive... You probably wish it worked like that, but in practice it doesn't.
The certification process is completely broken today. First of all, it allows proprietary software / hardware to go through this process (which is the majority of applicants by far). Typically, FDA or similar will ask for company's own research that establishes that the software works with absolutely no way of verifying that it does. They, as well, have no way of ensuring that whatever version was used to produce the research results is the one that's being installed on the hardware shipped to the hospital / patient. Companies producing software routinely patch their software if they discover problems after initial release and don't hesitate to claim that it was approved.
this is probably machines that handle special hardware.. like MRI, ECG, or monitor for vitals like pulse, blood pressure, blood oxygenation or other stuff like that..
Those machines need to be certified as a whole package and this include the computer that will control it.. and once you certify you cannot make changes to the package without having to certify again..
So you certify the machine with that software on it.. that specific kernel version, that specific libc version and so on.. if you change anything you need to get a new certification..
and now those machines are no longer air gapped because hospitals want to be able to remote monitor the patients vitals from a central nurse station..