I understand you have been frustrated by technologies that are hard to upgrade, and do not allow those with access to do good things. This isn't a matter of "open access" makes for a better product.
There is a lot that needs to be gone over when medical devices are connected to a network. Some of them having default passwords are an obvious problem. Also with every level of accessibility and interconnectedness comes added complexity. These things are not being designed for.
I think the smart thing from a design perspective is to assume the devices are being used in a "hostile" environment. With the security / ease of modification tradeoff, I would prefer that the devices that directly interface with humans in a health care scenario be more hardened, even if the network is more open.
Keep in mind also, that hardening a device against attack does not prevent those who have access to it from making modifications, upgrades, etc.