It’s not hard to do that by accident if you have a complex network. Say you have SNAT set up and a pool (or, more likely, various pools) of IP addresses that are allowed to do SNAT. Oops, you don’t have MAC filtering and some help desk mook with too much access but not enough knowledge changes the IP address of a device and boom, now you have a potentially-fatality-causing medical device on the open internet.

Just as with lab escapes, that kinda shit happens all the time.