This isn't just a hypothetical scare. Security researchers have demonstrated in the real world how easy it is to hack MRIs, anesthesia machines, nuclear medicine devices, pacemakers and more.
Two security researchers discovered they could access 21 anesthesia, 488 cardiology, 67 nuclear medical, and 133 infusion systems, 31 pacemakers, 97 MRI scanners and 323 photo and communications gear - just from one healthcare organization! They also found dozens of vulnerabilities in other medical devices. Some of the devices weren't even password protected, or had generic default passwords like "bigguy."
The security researchers used "honeypots," fake machines mimicking real equipment, to entice online hackers to attack the machines. And attack they did - there were more than 55,000 successful logins and 299 malware payloads. "These devices are getting owned repeatedly now that more hospitals are Wi-Fi-enabled and no longer support arcane protocols," one of the researchers told The Register.
Some of the flaws were in GE machines, and a security researcher said GE was one of the best medical manufacturers for dealing with bug fixes and interacting with the security community. So hopefully these flaws will soon be patched as manufacturers are made aware. Here's the video the security researchers prepared explaining the medical devices hack.