Traditionally, medical devices have replacement schedules based on mean times for component failures, and not on cybersecurity concerns. This has led to the continued use of vulnerable legacy devices, that if exploited could lead to negative patient outcomes.

Source: Help Net Security