Healthcare regulations should mean devices have to be thoroughly tested and validated. Full stop.
I don't see how that affects what a device manufacturer chooses to develop next, or when it chooses to do so.
Should a licenced device manufacturer find out a device has been hacked and it's performance has been changed affecting patient safety, then that would fall under the "vigilance" part of a manufacturers obligations. eg
So are scanners etc being let off the hook by not being licenced like heart valves, glucose test strips, scales, treadmills etc or are manufacturers just keeping their fingers crossed.