
Medical Equipment Crashes During Heart Procedure Because Of Antivirus Scan (softpedia.com) 266

An anonymous reader quotes a report from Softpedia: The device in question is Merge Hemo, a complex medical equipment used to supervise heart catheterization procedures, during which doctors insert a catheter inside blood veins and arteries in order to diagnose various types of heart diseases. According to one such report filed by Merge Healthcare in February, Merge Hemo suffered a mysterious crash right in the middle of a heart procedure when the screen went black and doctors had to reboot their computer. Merge investigated the issue and later reported to the FDA that the problem occurred because of the antivirus software running on the doctors' computer. The antivirus was configured to scan for viruses every hour, and the scan started right in the middle of the procedure. Merge says the antivirus froze access to crucial data acquired during the heart catheterization. Unable to access real-time data, the app crashed spectacularly.
  • No problem (Score:5, Funny)

    by NotDrWho ( 3543773 ) on Thursday May 05, 2016 @09:04AM (#52051813)

    Our antivirus is completely up to da

    Upgrading to Windows 10......

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Many(most) Hospitals and medical centers are still stuck on Windows XP, there's no upgrading to Windows 10.

      • seriously. hospital IT has to lag way behind, often because vendor software doesn't support newer OS versions. I know a medical center that has thousands of desktops and only started rolling out windows 7 last year.

        I was an intern there 5 years ago, and i was on the team that was deploying XP SP2 [yes, 2, not a typo] at the time.

        many of their software vendors are the frickin worst.

        there were some scanner pcs, like for x-rays or MRIs or something, i don't know what, that ran Windows NT or Win2k--i would not be

        • Re:No problem (Score:5, Interesting)

          by some old guy ( 674482 ) on Thursday May 05, 2016 @10:01AM (#52052151)

          Having worked in biochem, it's not the hardware vendors causing the lag, it's the FDA-mandated cGMP validation and certification process that takes for.fucking.ever and has to be repeated for every tiny little change. Yes, it helps ensure quality and consistency, but it is painfully slow and discourages change, however desirable.

          • Re: (Score:3, Insightful)

            by mrchaotica ( 681592 ) *

            The only sane way to develop such a thing would be for the vendor to be responsible for the entire software stack from the firmware on up. This sort of stuff should never be built on Windows in the first place!

            • I really can't tell if you're joking or not. I guess you are, since you are very far from reality.

              If you did mean this to be taken serious, I'd like to see you give a cost estimate for building a "hello world"-app as per your proposal.

              • I'm not saying you should be redeveloping an entire OS every time. I'm saying that you should maintain a fork of the OS along with your application. In life-safety-critical situations, you need to have complete control of the environment in which the software is running.

                • Your fork will contain all the vulnerabilities (known and unknown) that are present at the time of the fork.

                  The problem here is negligence in not patching the vulnerabilities when possible. If you're going to patch when possible, you might as well run with a standard release - delayed to give time to validate said release for acceptable regressions. This is sort-of what's done today, except that many validations are indefinitely delayed, until a substantial problem is reported.

            • That would be impracticable. You could however require a "certified OS" that is more along the lines of QNX which supports QT. My guess is, the reason this isn't done is because managers consider Windows "off the shelf" and think it's going to be cheaper.
          • Not correct. I know medical vendors like to use this as an excuse. But the FDA continues to state [fda.gov] that software does not need to be recertified except in cases of major changes to the functionality. The manufacturer is still responsible for quality testing however.

            Ordinarily, FDA will not need to review software patches before a device manufacturer puts them in place. FDA views most software patches as design changes that manufacturers can make without prior discussion with FDA. ......For example, manufacturers need to seek FDA's approval or clearance before installing a software patch if it would change who it’s for, what it does, or how it works (a change in the indication for use), and/or it would make the device less safe and effective.

  • by Anonymous Coward on Thursday May 05, 2016 @09:05AM (#52051819)

    Picking an OS that clearly says not to use it for real time possible life endangering task is a huge mistake!! QNX, RT_Linux, and more!!! Hello!!!

    • by DarkOx ( 621550 ) on Thursday May 05, 2016 @09:34AM (#52051975) Journal

      I have often wondered about this. Does Microsoft sell Windows licenses with EULAs that don't contain prohibitions for use cases like these?

      The Microsoft software was designed for systems that do not require fail-safe performance. You may not use the Microsoft software in any device or system in which a malfunction of the software would result in foreseeable risk of injury or death to any person.

      In most other engineering professions if you picked a component specifically labeled and sold as not fit for use case you'd be taking on all kinds of liability. Can you imagine if an architect decided to build a parking deck and spec'd concrete be mixed from a cement product labeled "not for structural use?"

      I can hear the lawyers salivating at the very idea. Yet Windows is used in off label ways seemingly all the time.

      • I completely agree with you, but this case isn't like a Da Vinci surgery robot crashing (or going haywire!) in the middle of the surgery. It's more like the camera/imaging equipment crash. Yeah, the cardiologist was probably pissed/confused and the OR techs and nurses were freaking out a bit, but I doubt the patient was in any actual direct danger from the crash. Any danger would be indirect, such as prolonging the procedure and exposing the patient to more anesthetic, or rendering the procedure futile and the

        • by DarkOx ( 621550 )

          I don't know, I mean IANAHS (I am not a heart surgeon) but it seems to me that we are using all kinds of imaging equipment to do things like laparoscopic surgeries that we could not have done before. This isn't like the lane departure warning sensor in your car failing, where you can just drive like you always used to do. It seems very possible that the loss of imaging equipment in the OR mid surgery could throw the entire plan off in a way that very well could endanger the patient's life.

          Even monitoring e

        • Except the camera is how they see. You should look up the procedures for heart catheterization and how they put in stents. It is scary if you go blind at the wrong time.

        • Yeah, the cardiologist was probably pissed/confused and the OR techs and nurses were freaking out a bit, but I doubt the patient was in any actual direct danger from the crash. Any danger would be indirect, such as prolonging the procedure and exposing the patient to more anesthetic, or rendering the procedure futile and they'd have to try it all over again the next day.

          Those are all bad enough. Surgery is serious business, and forcing a surgery to be botched so that the patient has to go through with it agai

          • I sure hope the patient in this case sues the hell out of everyone involved here for using a Windows-based solution.

            In that case the patient won't get very far with his case. The point the patient *could* try to win the case on is whether the GxP-process included testing on the operating system used for the procedure, and the other software on it. What were the installation instructions for the software and were they obeyed to the letter? If it says "Install on windows XP and use whatever you like because it will run" it's likely the vendors are liable. If it says otherwise, the hospital may be liable.

            Of course, liable

    • by nmb3000 ( 741169 )

      Picking an OS that clearly says not to use it for real time possible life endangering task is a huge mistake!! QNX, RT_Linux, and more!!! Hello!!!

      Absolutely, and I hope the manufacturer gets sued into oblivion followed by criminal litigation for the C-level. There should be zero tolerance for this kind of insane sociopath behavior that trades people's lives for dollars.

      Everyone wants to use commodity hardware and a commodity operating system because it saves (a lot of) money and is "easier" to design and develop. The only problem is your Visual Basic 6 heart monitor with a UI written in Flash running on Windows 8 with McAfee and Microsoft fucking e

    • For equipment like this, it's pretty common that the PC does very little and an RTOS is probably not necessary. Anything important or real-time is done on the equipment itself and the PC is just a dummy terminal. If the PC goes haywire, a watchdog timer probably puts the system into a safe state. I think that's why it's so common to use Windows.

      I'm not saying it's right. In fact, it's all the more reason to use as simple and streamlined OS as possible. Something like a customized RHEL that only has enoug
    • Hospitals don't get to "pick", they don't get to install their own OS. All this equipment spends a long time getting FDA certified (which there are several different versions of), the "end users" (the hospital) isn't allowed to do anything on these devices. Complain to the manufacturer, in this case it's IBM. A good friend of mine works for Oregon Health & Science University, he's been fighting with GE due to their "non-supported OS's" that GE is still shipping on "brand new" devices...like Windows 20
  • by Anonymous Coward on Thursday May 05, 2016 @09:07AM (#52051831)

    Based upon the available information, the cause for the reported event was due to the customer not following instructions concerning the installation of anti-virus software; therefore, there is no indication that the reported event was related to product malfunction or defect. The product security recommendations, (b)(4), explicitly state, "the intent of these guidelines is to configure the anti-virus software so that it does not affect clinical performance and uptime while still being effective. To accomplish this, the anti-virus software needs to be configured to scan only the potentially vulnerable files on the system, while skipping the medical images and patient data files. Our experience has shown that improper configuration of anti-virus software can have adverse affects including downtime and clinically unusable performance. ".

    • by DarkOx ( 621550 )

      To accomplish this, the anti-virus software needs to be configured to scan only the potentially vulnerable files on the system, while skipping the medical images and patient data files.

      Right because there is no possible way the application could have a parsing bug handling patient files, that could lead to buffer overflow and an RCE or anything like that.

      It's also true that similar bugs have never been found in commonly used image handling libraries...

      Oh wait the second one is definitely not true and the first has at least a non-zero probability.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Which completely excuses the unhandled exception in the product that they clearly knew about, or they wouldn't have so explicitly worded the instructions. I see the manufacturer failed to learn the lessons from the Therac-25.

      Any system that requires humans to follow instructions that they read once a long time ago, but must follow exactly on a rarely performed task is an accident waiting to happen.

    • Based upon the available information, the cause for the reported event was due to the customer not following instructions concerning the installation of anti-virus software; therefore, there is no indication that the reported event was related to product malfunction or defect.

      Fact is, this is exactly what you are going to get when using a Windows based system. You assume at the beginning that all problems are your fault, and that you must anticipate everything.

      Based upon experience, they were also at fault because they were using Windows. Never at fault is the Windows operating system.

    • What that says to me is that the manufacturer knew about the problem and shipped it anyway. The usual and customary practice with Windows systems, especially older versions, is to install anti-virus. On critical systems, anti-virus would be considered best practice and not installing AV could be considered reckless. The manufacturer knew that protecting the machine in the ordinary manner would endanger patients and they did nothing to either alleviate the danger (don't CRASH just because an AV scan is runn

    • And running a scan EVERY HOUR seems overkill, not to throw puns around. These devices shouldn't even have real internet access, nor should they be accessed for anything that they need 24 virus scans run on them every day. With the speeds I've seen most scanners run at, it seems to me that this machine would be spending at least 25% of its time running one of its 8,760 yearly scans.
  • by HalAtWork ( 926717 ) on Thursday May 05, 2016 @09:10AM (#52051849)

    Use some dedicated hardware with a custom software system with only components designed for the purpose of the machine and nothing else. Harden and sanity check the hell out of the I/O and connect THAT to your idiot box.

    • by clodney ( 778910 )

      Use some dedicated hardware with a custom software system with only components designed for the purpose of the machine and nothing else. Harden and sanity check the hell out of the I/O and connect THAT to your idiot box.

      On the one hand, that makes perfect sense, and removes a whole bunch of failure modes.

      On the other hand, that makes it a more expensive device to build and maintain, increasing the cost of health care all around, and ultimately squeezing out other components of health care.

      Medical devices deal with risk minimization, and that often involves deciding which risks are acceptable. If the device can be sold for $5,000 based on a Windows PC, and $15,000 based on a proprietary hardware stack, and because of that

      • You don't need a proprietary hardware stack, you just need a decent RTOS. There's plenty of them out there. But you're not going to be able to use Visual Basic with those.

  • by GIL_Dude ( 850471 ) on Thursday May 05, 2016 @09:10AM (#52051853) Homepage
    This is interesting; the configuration on a device like this should be highly controlled. I have no experience with medical devices, but I know that process control equipment generally has vendor approved configuration (and often they only certify one AV vendor so even if our corporate contract is with vendor A, we have to use vendor B for the process control stuff because that is what is certified by the control system vendor). They also have very specific settings you have to use. Failure to follow the settings could result in lack of process control at a critical time. It seems medical stuff must be under similar (if not even more restrictive) configuration control. Having AV do a "scan" every hour is very stupid since any competent AV is doing on-access scanning anyway. I would expect the vendor for the software has specified folders / files / etc. that must be exempted from the scan as well (vendors for process stuff such as Yokogawa, etc. specify that). Seems to be a configuration failure on the part of the facility.
  • by ZipK ( 1051658 ) on Thursday May 05, 2016 @09:19AM (#52051891)
    It just writes itself.
  • by fuzzyfuzzyfungus ( 1223518 ) on Thursday May 05, 2016 @09:20AM (#52051899) Journal
    Antivirus systems aren't useless (I wouldn't trust their 'disinfection'; but they at least catch people reusing obsolete exploits and sometimes provide warnings that something is amiss); but this is one of those situations where hearing that antivirus software is running is a giant red flag: it usually means that a full-fat desktop/server OS with a network connection and who-knows-what-else running on it is doing the job of a dedicated computer. Quite probably being allowed to retain state over time except for the ever so occasional re-imaging. That just isn't going to go well. Even if your application needs full Windows whatever for some reason, there are plenty of ways to keep it on a much tighter leash than just shoving a desktop at the problem and hoping Norton can save you. If a system is contained by the network so that it can only talk to the external hosts it absolutely needs; and is booting from a clean, static, image every time (with all changes discarded after any data generated during the session are moved elsewhere) you are a great deal safer.
  • by rlp ( 11898 ) on Thursday May 05, 2016 @09:23AM (#52051915)

    Why would anyone use Windows for a real-time critical application? There are small real-time OS's designed just for such applications.

    • If anything, blame the FDA. They would have had to approve the software that requires this configuration.

    • Re:Seriously? (Score:5, Informative)

      by jfdavis668 ( 1414919 ) on Thursday May 05, 2016 @09:39AM (#52052019)
      The machine didn't use Windows. It was hooked to a PC to record the logs during the procedure so the doctor could review them later. The AV software locked the log to perform the scan, and the medical device crashed. They had to reboot the PC to keep working.
      • by OzPeter ( 195038 )

        The AV software locked the log to perform the scan, and the medical device crashed. They had to reboot the PC to keep working.

        While not expected, this sort of failure (logging device unavailable) IS predictable, and IMHO shouldn't have caused the crash in the first place. I'm a big fan of a "broken windows" style of software assessment. If I can see something broken (no matter how trivial), it makes me start to wonder what other things could be amiss that I can't see.

        Or to give a car analogy. If I have a car with mis-matched seams between panels, I'm going to be worrying about what other parts of the car have been treated with t

      • So it WAS a flaw in the medical device. An error thrown to indicate logging was non-functional is the proper result for a remote file being locked, not a system crash. Who QA'd this device, Microsoft?

      • by gweihir ( 88907 )

        What kind of messed-up device. This has been solved for ages. First, if the logs are critical, make a local copy. And second, if you send them off, use UDP so that network failures or failure of the remote logger does not block anything on the local machine. You know, like rsyslogd. But I guess this is just another example of cheaper-than-possible "programmers" at work, the kind that does not understand system administration or networking.
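The handling the comments above ask for (keep a local copy, forward over UDP, and report an unavailable log as an error instead of crashing), sketched as an added example that is not part of the original thread and is not the vendor's code. `ResilientLog`, `demo`, the record format and the collector address are hypothetical, and the lock is simulated by an opener that raises `PermissionError`.

```python
import collections
import os
import socket
import tempfile


class ResilientLog:
    """Procedure log that degrades instead of crashing when its file is locked."""

    def __init__(self, opener, udp_addr=None, max_buffered=1000):
        self._opener = opener          # callable returning an append-mode file object
        self._udp_addr = udp_addr      # optional remote collector (host, port)
        self._sock = None
        if udp_addr is not None:
            self._sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            self._sock.setblocking(False)   # a dead collector must never stall us
        self._pending = collections.deque(maxlen=max_buffered)
        self.degraded = False          # surfaced to the operator as a warning
        self.dropped = 0               # records evicted because the buffer filled

    def write(self, record):
        """Queue a record; return True if everything queued is now on disk."""
        if len(self._pending) == self._pending.maxlen:
            self.dropped += 1          # deque evicts the oldest entry on append
        self._pending.append(record)
        if self._sock is not None:
            try:
                self._sock.sendto(record.encode("utf-8"), self._udp_addr)
            except OSError:
                pass                   # best effort: the local copy is authoritative
        return self._flush()

    def _flush(self):
        try:
            with self._opener() as fh:
                # A retry after a partial write may duplicate lines, never lose them.
                fh.write("".join(r + "\n" for r in self._pending))
                fh.flush()
        except OSError:
            # File locked or unavailable: keep records in memory and flag it,
            # then return so the acquisition loop keeps running.
            self.degraded = True
            return False
        self._pending.clear()
        self.degraded = False
        return True


def demo():
    """Constructed scenario: the log is 'locked' for two writes, then released."""
    path = os.path.join(tempfile.mkdtemp(), "procedure.log")
    state = {"locked": True}

    def opener():
        if state["locked"]:
            # Simulated stand-in for a scanner holding the file open.
            raise PermissionError("log file locked by scanner (simulated)")
        return open(path, "a", encoding="utf-8")

    log = ResilientLog(opener, udp_addr=("127.0.0.1", 9))  # assumed collector
    results = [log.write("t=0 pressure=118"), log.write("t=1 pressure=121")]
    was_degraded = log.degraded
    state["locked"] = False
    results.append(log.write("t=2 pressure=119"))
    with open(path, encoding="utf-8") as fh:
        lines = fh.read().splitlines()
    return results, was_degraded, log.degraded, lines


if __name__ == "__main__":
    print(demo())
```

The bounded buffer is the trade-off to size deliberately: it caps memory during a long lock, and `dropped` records how many entries were lost if the cap is hit.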

  • by unixcorn ( 120825 ) on Thursday May 05, 2016 @09:35AM (#52051987)

    "Merge investigated the issue and later reported to the FDA that the problem occurred because of the antivirus software running on the doctors' computer. "
    I seriously doubt the computer was owned by the doctor. More than likely, it was procured, set up and managed by a team of IT specialists at the hospital/clinic who know little to nothing about the software that might be running on it. Likewise, if the company supplying the software isn't providing a dedicated, hardened box to run the software on, they share the blame as well. Or, I have seen dedicated boxes with all kinds of crap loaded on them by operators who had no clue what the consequences might be. The bottom line here is that maybe computers should be kept out of the operating room. Or maybe doctors shouldn't be allowed to use them.

  • If the patient was a typical politician, maybe this was actually a divide by zero error?

  • Really?

    Why anyone would put anti virus software on a computer that is isolated from the net, has likely all USB ports disabled etc. is beyond me.

    Make the damn boot drive read only, put the data on a different drive/partition ... then you can even keep USB and DVD reader/writer accessible.

    Just don't put a windows PC into any network unless you really know what you do.

  • by QuietLagoon ( 813062 ) on Thursday May 05, 2016 @10:05AM (#52052187)
    At some point, the developers of computers that are used in critical situations (medical operations, battleships, etc) will soon realize that it is to the detriment of their end users to use a general purpose operating system for systems.

    It is easy to fall for the siren-song hype from the marketeers that the general purpose operating system is up to the task (remember Microsoft's marketing push that Windows CE was a real-time operating system, even though it wasn't?), and that being able to use their knowledge of Windows is a benefit that will make their system better.

    Whether it is a weather application being used on live television, or a computer being used in an operating room, Microsoft has shown that Windows is not a proper steward of serious systems programming.

    • At some point, the developers of computers that are used in critical situations (medical operations, battleships, etc) will soon realize that it is to the detriment of their end users to use a general purpose operating system for systems.

      It doesn't matter; the developers have no input about the OS to be used. That decision is made by management.

    • Whether it is a weather application being used on live television, or a computer being used in an operating room, Microsoft has shown that Windows is not a proper steward of serious systems programming.

      Heh. Go to any major airport with nice big screen monitors showing flight information and some percentage of them will have Windows dialogue box on them informing you of some problem...

  • It didn't try to update to Windows 10 in the middle of the procedure!!!!

    I swear there has to be an international body that can declare Windows as a virus that must be eliminated from the planet before humanity can move forward.

  • Whatever happened to a simple audio log? We've got recorders that encode directly to MP3. Just make the recording and copy it into patient files after the end of procedure.

    This 'do everything with a computer' mentality is exactly why we have these nonsensical issues happening in the first place.

  • O M G.. Can you imagine if windows update and antivirus ran at the same time? The world would explode!
  • by kheldan ( 1460303 ) on Thursday May 05, 2016 @10:33AM (#52052375) Journal
    I used to work for a company that built ophthalmic ultrasound machines. It was Windows based (unfortunately). IT departments, being who they are, wanted to put things like antivirus on it. Then the doctors would complain that the MEDICAL INSTRUMENT wasn't performing as advertised. They send it in to us for 'repair'. We remove the shitty antivirus (and all the other crap that IT guys would install on it), then it works perfectly again. We return it.. and IT guys would screw it up again. Rinse, repeat, ad infinitum.

    MEMO TO IT GUYS: Stop treating medical instruments like they're desktop computers! Find another solution, or AT LEAST be smart about how you're installing your junk on it, IT IS A MEDICAL INSTRUMENT, DAMNIT!
    • by gweihir ( 88907 ) on Thursday May 05, 2016 @11:08AM (#52052671)

      The stupidity of some IT people is staggering. We had one case where they put AV on a highly isolated system and then had to compromise its isolation to allow over-the-net updates. When we told them that the system was not isolated anymore and that at the very least the AV vendor could now attack them over the network, they did not even understand what we were talking about. They mumbled something about "all machines must have AV".

      • They mumbled something about "all machines must have AV".

        That's pretty much the long and the short of it, yes. They don't seem to understand that its primary function is as a medical instrument, and that compromising that may compromise the health or even the life of a human being. I'm surprised the FDA doesn't get more involved in things like this, since there is extensive testing of any medical instrument before it is allowed to be sold in the U.S., and especially so in the case of anything computerized. Of course I've always thought it was absurd that any med

  • why are they using a general-purpose OS, supplied by a company that's known not to care about security (because it costs money and profit), for *life* saving mission-critical software? i don't understand.

  • Who in their right mind designs life-critical systems around off the shelf operating systems like Windows? There's a reason aircraft computer systems are custom and highly redundant. Medical equipment of this caliber is no different.

    What company produced this system? Their accreditation should be revoked.

    • by gweihir ( 88907 )

      It is a question of cost. A Linux/QNX/BSD coder is expensive. A Windows coder is cheap, hence more profit.

  • It found a human virus?
  • Now doctors will need full local admin rights + app admin rights to turn off anything that may get in their way. In some settings (more likely with poor IT in place) may even need domain admin rights so they can override / block GPO's.
