The FDA didn't do away with the regulations; it just stated that it won't enforce them. From a network security standpoint, that means hospitals have more freedom to alter the devices in order to better secure them as network-attached devices. Even if those alterations adversely affect the devices' functioning, the danger to patients is low, according to the FDA's reasoning.
As part of its investigation, TrapX showed how it could compromise a particular blood-gas analyzer and use it to pivot to other devices on the target network. The device was the NOVA Critical Care Express, which used Windows 2000 as its operating system.
Enriquez says that he hasn't seen it in practice, but ransomware criminals targeting common operating systems could go after medical devices that use them, encrypting them and demanding payment for keys to unlock them.