I am now of the mind that anything that is vital to care should never touch a network
This is the thing that baffles me. The devices I worked on weren't crazy-sophisticated - well, maybe they were. Rate-sensitive pacemakers with sensing shock-pace atrial defibrillation are pretty sophisticated. Funny, I typed "most sophisticated implantable devices" into Google and Business Insider (because of course Business Insider) threw up a list with worthless shit like breast implants but they also topped their list with ICDs and ran with a picture of the very one I helped design.
Now. The internals of that device have probably changed. But probably not that much. The externals are identical to what I worked on. In 1996. In that amount of time, the device has gone from being an InControl to being a Guidant to being a Johnson & Johnson to being a Guidant again. And in that time we've gone from IR wireless to bluetooth to wireless USB to wifi to NFC.
If you had that thing put in back in '96, our models suggest you're ten years dead. BUT it's not unreasonable to expect medical professionals to interact with ten-year-old technology, either. My grandfather had his hip replaced in '89. He had half of it replaced again in '09, with the same model from the same manufacturer, so that they only had to fuck up half as many bones getting it back in.
I have no idea why you need to future-proof a device with an anticipated life of under ten years needs software updates, especially considering they're not exactly sophisticated by the standards of modern computing. I mean, you're gonna have to get physical access to it in order to change the battery every 5-7 years anyway.