The story that vendors spin their customers about FDA approval an security updates is untrue.
The main reason they put it out is that it helps reduce their costs.
If you read the FDA advice at http://www.fda.gov/RegulatoryI... and at http://www.fda.gov/MedicalDevi...
The key piece of advice is If manufacturers chose to use OTS software in their devices and vulnerabilities in OTS software can affect the safety and effectiveness of their networked devices, they have to act to keep their devices safe and effective.
Locking their devices away behind firewalls is great, but you should also provide copies of the above documentation to the vendor and ask them how they act to "keep their devices safe and effective". Make sure your legal staff are involved in asking the question, and see how quickly their advice changes.
Oh - and if you want bonus points in this - make sure that your purchasing people are across this issue and the question is asked during all procurement exercises, and that the contracts and specifications stipulate that the vendors are accountable for doing so.