Holy shit.

Yeah, no kidding. I hope software developers account for this kind of risk.

“The worst case scenario that I can think of, which is 100 percent possible with these devices, would be to load a compromised firmware update onto a programmer and … the compromised programmer would then infect the next pacemaker or ICD [implantable cardioverter-defibrillators] and then each would subsequently infect all others in range.”

itSoftware is ready to help with security for medical devices running Windows (more than I thought).

Is Windows the predominant OS for medical devices?

No, but it is a player especially as devices become advanced enough to run on x86. Linux is largest. There are also a lot of niche OS's too. Device security is a topic for the future or those who are thinking ahead today.