"Hospital CIOs clearly recognize that networked medical and wearable devices present security soft spots. However, with limited resources and a host of new regulatory and business challenges to prioritize, reducing the threats presented by medical devices is very likely remain low on their lists. Cybersecurity remains secondary to medical purpose, even if cybersecurity could result in severe injury or death. Without actual penalties for noncompliance, it’s unclear whether device risks will rise above other competing health IT priorities. Patients deserve better."