Re: Anoher obvious solution
Yes, because there's no way that you need to be able to link an MRI scan or a clinical chemistry record to the patient that the results refer to.
The potentially-insecure device should only have a "transaction record" number. Send the device the parameters it needs, along with the transaction number. After the scan/procedure, send the corresponding data back up to your data storage, where a secured and regularly re-evaluated system connects the raw scan data to the patient record. You my need a *secured* terminal for the device operator to confirm the data and the patient are properly matched, but this in no way needs to be connected to the insecured device.
I also expect this equipment should not be connected full-time. Burst transmissions should be adequate; receive the parameters in one burst, send results back in another burst. Firmware updates done with a laptop, checked for cleanliness/security before being brought to the device to be updated, with the device's "burst network" disabled. The less time equipment spends connected, the less chance of vulnerabilities being exploited.