Friday, May 13, 2016

The attack steps seem to be the same in most of the attacks and can be summarized as follows:
  1. Reverse engineer the medical device and communication protocols.
  2. Identify vulnerabilities that can be easily manipulated.
  3. Use devices that are more powerful in terms of communication range, or manipulate the message packets of the stipulated communication device.
  4. Medical device attacked!
Let's jump from defibrillators to the insulin pump, another device that has been subject to attacks: hijacking an insulin pump. Notably, most of the required hardware, including the medical device, was off the shelf. Summarizing:


  • Experimental setup of the attacks: USRP, glucose meter, insulin pump and remote control. Software: GNU Radio, used with the USRP to intercept radio communication. The communication frequency is public, so the daughterboards and antenna are chosen for that frequency. The modulation scheme is detected by down-converting the signal to near baseband. The packet format and ID are found by eavesdropping on the communication and intercepting the data packets. Generally, data packets for an insulin pump are laid out as: device type, device PIN, payload information, CRC, end pattern.
  • Attacks can be carried out without knowledge of the PIN (DoS, privacy invasion, etc.) or with the PIN. The USRP setup can trigger both active and passive attacks: passive for signal knowledge and eavesdropping, active for control of the pump.
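
The frame layout above carries a static PIN and a CRC, neither of which authenticates the sender. The following added example (not from the original post or from any vendor) shows a receiver-side check for that layout next to a hardened variant. The field sizes, end pattern, shared key, and the counter plus truncated HMAC tag are all assumptions made for illustration.

```python
import hashlib, hmac, struct, zlib

END = b"\x5a"                      # constructed end pattern
KEY = b"constructed-pairing-key"   # assumption: secret provisioned at pairing

def legacy_frame(dev_type, pin, payload):
    # device type | PIN | payload | CRC | end pattern (layout from the post)
    body = bytes([dev_type]) + pin + payload
    return body + struct.pack(">I", zlib.crc32(body)) + END

def legacy_accept(frame, my_pin):
    # A CRC detects transmission noise only; the PIN travels in the clear.
    body, crc, end = frame[:-5], frame[-5:-1], frame[-1:]
    return (end == END and body[1:4] == my_pin
            and struct.pack(">I", zlib.crc32(body)) == crc)

def auth_frame(dev_type, pin, counter, payload, key=KEY):
    # Hardened variant: message counter in the body, keyed tag replaces the CRC.
    body = bytes([dev_type]) + pin + struct.pack(">I", counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8] + END

class Receiver:
    def __init__(self, pin, key=KEY):
        self.pin, self.key, self.last = pin, key, 0

    def accept(self, frame):
        body, tag, end = frame[:-9], frame[-9:-1], frame[-1:]
        if end != END or len(body) < 8 or body[1:4] != self.pin:
            return False
        good = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, good):
            return False               # sender does not hold the key
        counter = struct.unpack(">I", body[4:8])[0]
        if counter <= self.last:
            return False               # stale counter: replayed frame
        self.last = counter
        return True

def demo():
    pin = b"\x01\x02\x03"              # constructed 3-byte PIN
    frame = legacy_frame(0x10, pin, b"\x00")
    legacy = [legacy_accept(frame, pin), legacy_accept(frame, pin)]
    rx = Receiver(pin)
    good = auth_frame(0x10, pin, 1, b"\x00")
    wrong_key = auth_frame(0x10, pin, 2, b"\x00", key=b"not-the-key")
    hardened = [rx.accept(good), rx.accept(good), rx.accept(wrong_key)]
    return legacy, hardened
```

The legacy check accepts the same frame twice, while the hardened receiver accepts it once and then rejects both the repeat and a frame tagged with the wrong key.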
