Internet-connected medical devices introduce complex cybersecurity risks that challenge the established practice of informed consent. It remains unclear how patients weigh these abstract, dynamic threats against concrete clinical benefits. We present findings from a large-scale (N=2,666) vignette-based experiment designed to uncover the factors driving patient decision-making. Participants chose whether to adopt a connected pacemaker, weighing its enhanced clinical outcomes against potential vulnerabilities. We systematically varied communication factors, including the source of risk information (e.g., clinician, FDA), risk framing, and the details of a subsequent vulnerability disclosure. Our results reveal patient choice hinges on pre-existing physician trust and risk framing. We did not observe any effect from the information's source. We also find initial choices act as powerful anchors, and that detailed disclosures increase security confidence. Our work provides crucial empirical evidence on this trade-off, offering actionable guidance to better support informed consent for life-critical connected technologies.
ACM CHI Conference on Human Factors in Computing Systems