It's a little less severe than that. First the device has to support remote management, then the device has to have remote management turned on, and finally the attacker would have to have the device's serial number (which seems to be used as a security mechanism) in order to successfully send the device commands.
Also, if you don't like needles, don't watch the youtube video at the bottom of the post :|
This is assuming you only want to control the pump. If the individual is unable to view any information on their monitor, or their monitor is displaying improper data, it may cause other serious health issues in high risk patients.
Not to mention that some devices may be controlled by the monitoring device and it may require a constant stream of good data.
I agree that not all setups and individuals are at risk but some most likely are.
Also, if you don't like needles, don't watch the youtube video at the bottom of the post :|