It is obviously silly to leave computers infected whatever the reasons. The regulation applied here should simply be modified. The article is however interesting for another reason: the scale of the use of internet to connect medical devices and the threat to health this can create. Apparently, nobody has quantified the risk, which is scary when one thinks of the threat to the electric grid that happened a few weeks ago. It actually made me think of Beck's argument in the Risk Society (our use of inadequate criteria to assess risks because the type and scale of risks have changed since the 19th century)
"US red tape leaves Conficker on medical devices " (ZDNet.co.uk, 5 May 2009)
The Conficker worm also reveals that the real and most dangerous threat is invisible. This is particularly stressed in the French article where it is explained that the purpose of botnets is not be noticed, to be as invisible as possible even though the damages can be enormous for the person infected or for others not related.
"Forget Conficker — focus on the real threats" (ZDnet.co.uk, 29 April 2009)
Frédéric Guy (Trend Micro)"Nous identifions 800 à 1300 nouveaux virus par heure" (JDN, 20 April 2009)
"Un botnet ciblant les ordinateurs Mac" (JDN, 17 April 2009) with the scale of the threat being minimum given the few users of Apple
"Le zapping de la sécurité (avril 2009)" (JDN, April 2009)