Having just returned from an unwilling stay in an NHS hospital, my concern at this exploit is pretty much zero.
There are plenty of patient monitors, IV pumps etc. with an option for network connectivity. And absolutely zero actually connected ones.
The vast majority sit there on a stand next to the patient with an uncancelled alarm bleeping its life out. An earache for the patients but I don't think the staff even hear them : they bleep so much they just block them out.
This makes me very unhappy. It's like a compiler warning : if you habitually ignore it, how will you see the one that matters ? The blame belongs equally between overworked medical staff and unthinking manufacturers who make their systems bleep by default at every little whimsy, but good system design it is NOT. And danger from unprotected network ports irrelevant.
Perhaps in some big american hospital that can afford a monitor for every bed (only a few % need one) they do plug them in. I suspect not. And maybe wifi versions are coming, but if notification over wifi to a central monitoring console is their thing, I won't be a customer.