Due to the cost of replacing expensive medical devices such as infusion pumps or network connected MRIs, healthcare organizations typically keep equipment until it no longer works. Unfortunately, this means that these devices remain vulnerable and a possible opening for malicious attackers.
The fear is that, beyond freezing systems or hijacking medical records as they did during WannaCry, hackers could also actively manipulate medical equipment to harm patients by, say, administering a lethal dose of medication via an infusion pump. While newer devices aren’t ironclad, they are typically built with more robust security features.
Under a proposed new program "health-care providers would be compensated for junking old equipment, and could use the rebates toward the purchase of new devices." And, in April 2018, the FDA took steps towards incorporating a security review into any new device's premarket review with the Medical Device Safety Action Plan.