You are correct, it is probably a forgotten debug procedure, but it could be used as a way to gather data. A succesfull breach is almost every time takes use of multiple flaws (accidental or intentional). This could be one. Even if the IP address in the code is a private one, an attacker could set up an NFS server inside a hospital and route that single known address (using other vulnerabilities of network devices for example) to his device. And that is why the IP isn't made public. So this is a big deal.

You are correct, it is probably a forgotten debug procedure, but it could be used as a way to gather data. A succesfull breach is almost every time takes use of multiple flaws (accidental or intentional). This could be one. Even if the IP address in the code is a private one, an attacker could set up an NFS server inside a hospital and route that single known address (using other vulnerabilities on network devices for example) to his device. And that is why the IP isn't made public. So this is a big deal.