You can also exploit the thing by opening it up and cutting wires.
Look, this is a medical device. People carry it around with them. Sometimes, a technician may need to make changes to it. They do that by plugging into an ethernet port on the device. Otherwise, it is never plugged in.
Do I need a security passcode on everything that somebody could walk up to? Give me a break. My microwave doesn't have one either.
Once your opponent has physical access to the sensitive medical devices that keep you alive, you're fucked. He could just as well put bleach in the insulin bag.
Except that it has an Ethernet port. With an open Telenet. On a PCA pump (Patient Controlled Analgesia - a morphine drip). Which can kill the patient with the wrong dose.
I think that, in 2015, one can reasonably expect the rudiments of security with a machine designed to deliver accurate quantities of a potentially fatal drug. Sure, it doesn't need to be hardened against every potential exploit but an open telenet port? That's pretty weak sauce. Aside from potentially killing a patient, an addicted nurse / tech (I was going to say doctor but they typically wouldn't know a telenet port if it went up and bit them in the nose) could potentially use this to siphon off the drug for their own use. The things have various locks and passwords to prevent that exact thing from happening.