You’re infected ISP page
Presumably it would not be difficult for ISP’s to have a group on their proxy which they put infected sources into. That then redirects them to a landing page, and restricts access to everything but Malware/AV vendor domains. The landing page could have a message directing them to resources to clean/check their devices, and a way of confirming that they’re clean.
Each time they are put in this group, it takes a bit longer before they can get access to the internet again. That should quickly encourage them to deal with infected / vulnerable device. It would also stop people selling vulnerable IOT devices eventually, if this was enforced by law on all ISPs...