It is a matter of whether the threat actor has sufficient resources (both staffing and financial resources) and the motivation. The real question is about the likelihood of a threat: an always-on internet-connected medical device will have a very different threat profile than a medical device that requires direct physical access.
Great question! We don't have an answer ready for you right now. If you would like to help the community grow and learn please consider submitting this question to our Impact Creators. We will be posting answers to popular questions asked by the community as they become available.
Thank you for submitting your question!
Do you have a question for the IEEE Impact Creators?