I've naively assumed that privacy, data security as well as cyber security are currently considered, analysed, designed and build into medical devices as a matter of their systems engineering...
The next generation of medical devices for domiciliary or ambulatory monitoring will be Internet of Things sensors, linked to a data aggregator (maybe a smart phone), sending data to the cloud, downloaded to the "secure" NHS WAN (in the UK), merged with other data from that patient, and delivered to the physician's desk, then a report is sent back via the cloud again to the GP or the patient. Trace the number of steps along that way, each of which has to be secure. Each of which has its own demands and protocols. Many of which are totally outside the control of the manufacturer of the devices.
Then add this comment from a president of a cybersercurity firm "All government agencies around the world insist that we supply security systems with a backdoor..."
This is indeed amazingly naive. Security should never address a device alone but has to address the system it is part of. The size of the supply chain for medical devices, and the huge variety of medical/health use cases does mean this will be difficult to achieve. I'd note that whilst we have a set of CE marks for medical equipment the tests to be passed do not address security at all. Maybe we can work to make security tests and features for medical devices (including their software) be part of the Harmonised Standards that you have to comply with before placing equipment on the market? It'd be a step forward. I would suggest that we also need to be aware that current medical equipment marking does imply testing for safety in the right hands but that cyber enabled devices may overturn safety if hacked.