Cyberattack on medical software shows industry vulnerability