Earlier today the DHS ICS-CERT published its first advisory for a specific vulnerability in a medical application, the Philips Xper application. The heap-based buffer overflow vulnerability was reported by Billy Rios in a coordinated disclosure.
ICS-CERT reports that a moderately skilled attacker could remotely exploit this vulnerability and execute arbitrary code on the affected device. According to the Philips web site, the Xper application is used in a variety of medical monitoring, diagnostic and medical work-flow devices.
Philips has produced an update for XperConnect that Billy Rios has confirmed mitigates the reported vulnerability.
If past history is any guide (and I certainly expect it to be) then this will be just the first of many medical device or application advisories that will be published by ICS-CERT.