In the model researchers studied, transmissions from the defibrillator to the bedside monitor are not encrypted, which means that someone intercepting the transmissions could retrieve such data as the patient's birth date, medical ID number and, in some cases, Social Security number.
Okay... Let's start with, what the hell is a pacemaker doing with that information? I can see where some of that information might be in the monitor, but I can't see ANY reason someone's SSN would be in it.
Now, they do bring up a better issue later on, someone could hack the machine to kill someone with one. That's an excellent blackmail plot, kill a couple of people and then do "send us this much cash or we'll shut yours down" or if you're of a terrorist bent, build a bollix to trigger every single one in the transmission radius. I imagine that could cause complete havoc.
(and yes, I know it's not a pacemaker, not the point)
not really an update: Please don't send DHS crawling up my ass over this, if I could think of this without even blinking hard, someone else could too, and they likely have the networking know how to actually do it, which I don't, so please DHS, go bother the people actually looking at stuff like this.