Heart Surgery Stalled For Five Minutes Thanks To Errant Anti-Virus Scan

from the death-by-horrible-IT-support dept

If you've ever had the pleasure of simply asking one medical outfit to transfer your records to another company or organization, you've probably become aware of the sorry state of medical IT. Billions are spent on medical hardware and software, yet this is a sector for which the fax machine remains the pinnacle of innovation and a cornerstone of daily business life. Meanwhile, getting systems to actually communicate with each other appears to be a bridge too far. And this hodge podge of discordant and often incompatible systems can very often have very real and troubling implications for patients.

For example, one patient recently undergoing a heart transfer had the procedure interrupted for five full minutes after a PC connected to an essential piece of monitoring equipment began a scheduled anti-virus scan:
"According to one such report filed by Merge Healthcare in February, Merge Hemo suffered a mysterious crash right in the middle of a heart procedure when the screen went black and doctors had to reboot their computer. Fortunately, the patient was sedated, and the doctors had five minutes at their disposal to wait for the computer to finish rebooting, start the Merge Hemo application again, and complete their procedure without any health risks for the patient."
Fortunate, since "death by shitty hospital IT support" doesn't sound like a particularly fun way to go. The filing with the FDA by the company in question (Merge) notes that the blame was the fault of the hospital's IT support, who ignored software instructions that state the folders being used by Merge's software should always be whitelisted from any anti-virus platforms:
"Merge investigated the issue and later reported to the FDA that the problem occurred because of the antivirus software running on the doctors' computer. The antivirus was configured to scan for viruses every hour, and the scan started right in the middle of the procedure. Merge says the antivirus froze access to crucial data acquired during the heart catheterization. Unable to access real-time data, the app crashed spectacularly."
Here's the thing: aging systems and shoddy medical IT support are the least of the medical industry's problems. The biggest problem continues to be that medical technology security remains little more than an afterthought, leaving underfunded IT support frequently outgunned. That has resulted in a major wave of ransomware attacks that in some instances have actually forced hospitals to revert to using paper only while they get sorted out (underfunded school systems have been having a dramatic uptick in similar attacks).

And as Internet of Things companies push hospitals to embrace even more sophisticated technologies, you can expect things to get worse. After all, this is a sector that can't even secure doorbells, refrigerators, thermostats or even tea kettles. What could possible go wrong as these technologies are introduced into an already marginally-competent medical IT sector?

Filed Under: anti-virus scan, computers, heart surgery

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    John Fenderson (profile), 14 May 2016 @ 1:59pm

    Re: Re: One correction

    Truly good IT departments are very rare, and very often companies that have them are completely ignorant of their value or even consider them to be a nuisance.

    In my experience, the problem IT departments face is twofold: first, they don't directly generate revenue. There's no line you can point a bean-counter to that says "here's the value to the company". This means that they are often viewed as a drain on resources that is to be minimized, rather than the essential utility that it actually is.

    Second, if an IT department is excellent and doing its job properly, then there will always be clashes and people pissed off at them -- particularly management, because much of their interaction time will consist of raising holy hell in opposition to some stupid idea or another.

    It means that being good at IT is as much a political thing as a technical one. Setting up a new network copier is technically easy, but that kind of thing is often littered with various political mines.

    Bad IT departments just give up on the political battles and do the minimal amount they are required to do to keep their jobs. You can spot these pretty easily -- the people in these departments just look defeated and cranky.

    I have immense respect for good IT people. I wouldn't last a month in their shoes.

    As an aside, when I am evaluating a company that I'm unfamiliar with, the three most valuable things I can learn to get an idea of the company's character are what the custodial staff, the secretarial staff, and the IT staff think about how the company runs.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.