Healthcare techy person here - this is probably not going to be a big deal, with one major exception: if someone decides to use this as a feature in some really goddamn scary ransomware.
You’d just have to implant it on one device that’s connected to the same network as the monitors. I should point out here that I have never seen these monitor systems physically locked down, mostly because they have to be in highly-visible areas. Otherwise there’s not much point, y’know? (And besides, I can all but guarantee that these can be accessed remotely; hospital networks are very poorly locked down)
But anyway, imagine a software that actively and randomly spoofs vitals and heart rhythms. It’d be an absolute disaster, especially in ICUs where people are trained to respond quickly and decisively to these shifts. In many places, you’d carefully adjust some drip (that has a very narrow therapeutic range) based on those monitors only seconds or minutes after seeing a change, and then adjust more if the patient’s not responding to it. You could kill a bunch of people in minutes or hours just by futzing with those areas.
And so you could really have a hospital over a barrel if you loaded this ransomware on their network; where you can take time to consider and respond to a handful of ransom’d workstations, you’d be forced to respond almost instantly to give in to attacker demands, no matter the cost, if they were threatening to murder people if you didn’t - and the family could probably sue the hospital, and win, if they refused to do so. Because it’s their fault for not locking their systems down, after all.
