Heart Surgery Stalled For Five Minutes Thanks To Errant Anti-Virus Scan

from the death-by-horrible-IT-support dept

If you've ever had the pleasure of simply asking one medical outfit to transfer your records to another company or organization, you've probably become aware of the sorry state of medical IT. Billions are spent on medical hardware and software, yet this is a sector for which the fax machine remains the pinnacle of innovation and a cornerstone of daily business life. Meanwhile, getting systems to actually communicate with each other appears to be a bridge too far. And this hodge podge of discordant and often incompatible systems can very often have very real and troubling implications for patients.

For example, one patient recently undergoing a heart transfer had the procedure interrupted for five full minutes after a PC connected to an essential piece of monitoring equipment began a scheduled anti-virus scan:
"According to one such report filed by Merge Healthcare in February, Merge Hemo suffered a mysterious crash right in the middle of a heart procedure when the screen went black and doctors had to reboot their computer. Fortunately, the patient was sedated, and the doctors had five minutes at their disposal to wait for the computer to finish rebooting, start the Merge Hemo application again, and complete their procedure without any health risks for the patient."
Fortunate, since "death by shitty hospital IT support" doesn't sound like a particularly fun way to go. The filing with the FDA by the company in question (Merge) notes that the blame was the fault of the hospital's IT support, who ignored software instructions that state the folders being used by Merge's software should always be whitelisted from any anti-virus platforms:
"Merge investigated the issue and later reported to the FDA that the problem occurred because of the antivirus software running on the doctors' computer. The antivirus was configured to scan for viruses every hour, and the scan started right in the middle of the procedure. Merge says the antivirus froze access to crucial data acquired during the heart catheterization. Unable to access real-time data, the app crashed spectacularly."
Here's the thing: aging systems and shoddy medical IT support are the least of the medical industry's problems. The biggest problem continues to be that medical technology security remains little more than an afterthought, leaving underfunded IT support frequently outgunned. That has resulted in a major wave of ransomware attacks that in some instances have actually forced hospitals to revert to using paper only while they get sorted out (underfunded school systems have been having a dramatic uptick in similar attacks).

And as Internet of Things companies push hospitals to embrace even more sophisticated technologies, you can expect things to get worse. After all, this is a sector that can't even secure doorbells, refrigerators, thermostats or even tea kettles. What could possible go wrong as these technologies are introduced into an already marginally-competent medical IT sector?

Filed Under: anti-virus scan, computers, heart surgery


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 13 May 2016 @ 3:00pm

    Re: Re:

    In principle, I agree that a system "in use" should have different rules. The problem is that "in use" is difficult to recognize without domain specific knowledge. For example, what if this heart monitoring application was designed to a read specialized input device, render the results on a screen, and do nothing else? The doctors would say it is "in use" as long as they are relying on its screen to report patient statistics. The general definition used by Windows would say it is "in use" only if someone recently moved the mouse or typed on the keyboard. If the screensaver is disabled, the doctors might "use" the device for hours on end without touching it.

    The problem comes down to using a device that is inappropriate for the task at hand. Trying to define extra rules to compensate for the inappropriateness is an ugly workaround, not a fix.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.