Fed-Up Hospitals Defy Windows Patching Rules
bingbong writes "According to Network World: 'Amid growing worries that Windows-based medical systems will endanger patients if Microsoft-issued security patches are not applied, hospitals are rebelling against restrictions from device manufacturers that have delayed or prevented such updates. Device makers such as GE Medical Systems, Philips Medical Systems and Agfa say it typically takes months to test Microsoft patches because they could break the medical systems to which they're applied. In some instances, vendors won't authorize patch updates at all.' This is the typical patch vs. crash problem. Unfortunately, the stakes here could be human lives."
Why is hospital equipment running windows? Anyone that knows anything about embedded systems with high quality requirements knows that you stay away from large OSes. Even Linux is avoided unless you need tcp/ip and if you don't then it's better to have a small maybe even off the shelf OS. The key is to limit the testing requirements and limit changes, which are goofy to test a life support system just to have the latest and greatest IE 6 or 7 that you shouldn't even have hooked to a wide-open Internet anyway.
Why are they even accessible on the internet? Seems like these should be in a secure private network unlikely to be attacked.
Unfortunately, the stakes here could be human lives.
:D
da-da-duuuuuummm... sounds like a tag line for some shoot-em-up summer thriller
pshaw! what's a few human lives when network security is at stake?
OK.... We now have the Food and Drug Administration in charge of computer security?
Why are these things on any sort of publicly accessible network? They should, at least, be on a private network that's physically separate from everything they don't absolutely need to talk to & firewalled all to hell.
my sig's at the bottom of the page.
...do they not just put these devices and systems behind something as simple as a $50 hardware NAT firewall, especially for a device that costs hundreds of thousands - or millions - of dollars? (Or better yet, why does the vendor not integrate such protection if they're relying on network-connected Windows systems for device control/interaction?)
The norm is that these devices may need to connect *out* to something else, but don't necessarily need any inbound connections, so a hardware firewall, or even a host-based software firewall, would work perfectly in most instances; those that do need externally initiated inbound communication can *still* set up the necessary rules to allow such communication to take place. And yes, it is just this simple. (I did RTFA, and noted that some vendors actually recommend this, but that, startlingly, "there have been several instances in which viruses originated from medical instruments straight from the vendors"!)
"Embedded Linux"
I would much rather have my life staked on a Linux based embedded system than the current crop of MS systems mentioned above.
The real trick is pushing the vendors of the devices to move to an open (read: solid) OS platform.
Why would anyone use Microsoft Windows in a hospital setting? The blue screen is not supposed to be able to be literal.
Take cheap shortcut, expect these kind of problems.
All these computers should be running on UNIX servers connected to dumb terminals.
I work for a hospital, and I have to say that our network may be 'stable' but it really sucks. We run Windows 2000 Pro with many problems, and frequent crashing. If one of our secondary databases crashes, as they seem to do often, we have to wait a day or two until we can get a reboot of the system because the main database runs on the same server. Productivity really goes down the tubes sometimes to allow for the 'stable' network.
Boxing Equipment Reviews
Damned if you do, damned if you don't, and as usual the patients suffer. Maybe Microsoft should have a Health Services division to test out patches on stuff WITH the companies.
Moo.
How would the patches ruin the medical systems? Sure, there's a small chance the crucial security patch will mess something up, but what is that chance? I know windows isn't great, but everything of mine still works after I install a critical patch. Is there a reason these machines are hooked up to the internet at all, anyways? I could see the usage, but if security is an issue, why wouldn't they opt for a more secure network solution instead?
Excuse me, I don't mean to impose, but I am the ocean
Maybe they should use something more reliable (not necessarily Linux, but that could be an option too). Generally the *nixes have a better reputation for reliability. It's scary trusting your life to Windows.
Okay, so MS fixes all its ports so they are closed by default and it breaks SQL but ups security...any great shock vendors don't trust customers to apply patches that haven't been tested by the vendor first?
MS isn't going to get hordes of screaming and angry customers, the vendor is. It's a catch-22 and odds are pretty good stuff is going to break because it was easier to do it fast than right.
I hope my laser knee surgery ends in a terrible case of the blaster virus.
yay!
Sounds like these hospitals need to get a clue: Use the right tool for the job. Windows is way overkill for a hospital environment. In fact, I know many hospitals do NOT use windows for their systems.
These people got what they asked for. They chose to not put any effort into setting up their systems (oh yeah, just slap windows on everything, everyone already knows it so it will be so easy), and this is what happens.
sp2 has been out for beta testing for a while, if it's that mission critical, which lives are, the medical systems should have been testing for months on just the IDEA of an update. same thing goes for Big Blue :P
it seems that they are just fans of playing catchup, or under budget their testing areas which need more attention!
Another example of why quality is going to be taken more seriously in future than it has been. This is real world stuff. Quality matters to the manufacturers of medical equipment, it should matter at least as much to the computers that control or monitor it.
I thought most hospital medical devices ran an embedded operating system like QNX?
Most of these systems are sold as turn-key stand-alone systems that shouldn't be dependent upon things like the Internet. Realistically, why have a system connected to the network when people's lives depend on it? We all know how insecure anything connected to a network is.
I.e. patching systems that a person's life depends upon is ridiculous. These things shouldn't be networked to begin with. And if they are networked, they should be so highly locked down that nothing except a local exploit could harm it. And god knows they should never be on anything but a secure internal network.
01100111 01100101 01110100 00100000 01101111 01110101 01110100 00100000 01101101 01101111 01110010 01100101 00101110
scary new meaning to blue screen of death.....
Medical machines responsible for human life should never need to be patched. The software was tested at one point and should be controlled to stay at that test point until it is to be retested. For machines running windows this means they should be segregated from other parts of your network and should be airgap firewalled from the rest of the world. Internet worms and email trojans shouldn't be relevant.
But if human lives were steaks, that would be pretty cool.
/ Soylent Green is people!
A feeling of having made the same mistake before: Deja Foobar
As long as there is an air gap and the Win machines are not on a network, there is little need for the security updates and a big downside to installing code that could negatively impact the devices that interface with the system. When you are driving something as dangerous as a high-powered x-ray system like a CAT scan with a windows box, putting an untested patch on the OS is an invitation to disaster.
where is that debian-med distro when you need it?
[n8.r0n] http://petesweb.spymac.net/
Look before you leap ...
...
Not only is IBM showing evidence of compatibility issues with XP SP2. Microsoft's own software is also affected. Earlier this week the software vendor released an update for Microsoft CRM 1.2 because SP2 will prevent the original application from running correctly.
Because of the broad changes, analysts have compared the XP service pack to a Windows upgrade instead of a simple update. Business users typically take much longer to install a new version of Windows than a service pack because of compatibility testing.
IBM says "don't patch"
IBM, for one, is holding off on installing the security focused update for Windows XP. In a note headlined "To patch - or not to patch" posted Friday on its corporate intranet, IBM tells its employees not to download SP2 when it becomes available because of compatibility issues.
They're not rebelling. They're just beta testing for the vendors.
I would consider this one situation where keeping up with the latest MS patch seems like a very bad idea.
Medical devices undergo huge amounts of testing to make sure they work correctly. Throw on the latest patch, and poof, suddenly the same device might not work at all, or might work most of the time and crash on occasion (probably the most dangerous situation).
Keeping up with the latest MS patches mostly only matters on networked machines trying to run a more-or-less random collection of 3rd party software. For a standalone medical device, that simply does not apply, and the old maxim very much applies - If it don't break, don't fix it.
Obviously some exceptions to this apply... A machine that already crashes at random clearly needs some improvement. But trying the latest LookOut patch that might break 20 other system components won't help that - Thus the whole recertification process, which ONLY the device manufacturer and the FDA can (and should) have influence over.
Boy this story sure gives new meaning to the dreaded BLUE SCREEN of DEATH!
Ouch!
Is Windows really the problem? Who guarantees that another OS will be better, at all times, on a mission-critical application? Personally, I think the answer is not on Windows vs. Others, I think it's more on the availability of code or not. One could argue that an open platform might be easier to patch and deploy. Then again, I'm only speculating. Mission critical systems are not your everyday DVD player.
I'm not a big fan of Microsoft, but I don't think the quality (or lack thereof) of their products is the issue here. I've read from their EULAs that their products are not suited towards critical applications (ie nuke facilities, life support). My point is that although a EULA is not a legally-binding contract, the fact that MS is stating in public Windows shouldn't be used in critical applications should tell you something. The bottom line is that if GE, Philips or Agfa build a medical system, they should be responsible for that product from the software up to the hardware. The fact that *they don't have control* over one of the components in their products (the underlying OS) is negligent, IMO.
I would get laughed out of court if I tried to blame a critical problem with a report I wrote on my secretary, and the same should happen with these companies if somebody's loved one dies from their irresponsibility.
Bill Clinton: Pimp we can believe in. - The Shirt!!!
If I was on a life support machine that I knew was being run by Windows, my state of mind would be such that I would no longer need a life support machine.
Once in a while, we get an article or comment on this site suggesting that if only software design and implementation were licensed, government-regulated professions, software reliability would improve.
Here's why it's no silver bullet. The bureaucratic overhead of testing and certification would slow what was once a fast-moving industry to a crawl, harming reliability in other ways.
Internet worms would force internet shutdowns because unplugging the network would be the only legal recourse left, because legally-mandated testing of the installation of a software patch would take too long.
people who rely on windows devices to keep them alive probably deserve what they get. Just kidding but seriously I don't understand why the developers of the devices use windows to begin with. I don't think a heart monitor needs to be able to play solitaire.
Did you know you can be apathetic to apathy? Not that I give a shit...
Crap! Who put that wireless card in this heart lung machine? Oh no! I've been slashdotted...
Idol Star Astronomer
where do you want to die today?
Survey says... Beeep! Beeep! Beeep!
What "security" or other risk with a turnkey standalone system? I'd rather risk the remote chance of someone breaking into my room to run CAT-5 to my vitals monitor rather than a BSOD (possible REAL death in this case) because Service Pack x broke some obscure function and failed to alarm the nurse when my heart stopped.
Do the morons at the hospitals run Windows Update on the defibrillators?
The manufacturers have tested and retested and regression tested everything that goes into those medical devices (or they say, anyway), so why deviate from a known good combination without a compelling reason?
This comment does not necessarily represent the views and opinions of the author.
That obviously excludes use of OS'es like Windows, Linux, or any other common, general-purpose OS. If the application isn't safety-critical, use whatever is most practical.
If I would be in a hospital and find out they use W***s or L**x for running stuff like a breathing machine or heart monitor, I'd sue them, go to the press, or both.
My father works for GEMS as a Field Service Engineer; he repairs and installs X-Ray Machines, CAT Scanners, and Mammography machines. As far as I know, GEMS doesn't run Windows on any of its boxes (other than Engineer Laptops). Most of their older systems are UltraSPARC/SunOS boxes. The newer ones are Intel Xeon/Red Hat rigs with their own custom window manager. Heh, he's even called me in a few times to help him with some Linux problems.
It makes sense to me, GEMS and the Hospitals aren't going to risk $500,000 to $2,000,000 machines because of Microsoft's poor track record. Not to mention, a bug in the software can bring down the system for hours, until someone can come in and fix the problem. My Dad has problems all the time with doctors breathing down his neck. Most of the time they have a full schedule, and when an x-ray tube blows it can take up to 4 or 5 hours to replace. Not including shipping from Wisconsin or France.
Bugs are just features that have been fixed.
Of course administrative computers used for record-keeping do run M$ mostly (somebody should point out to the HMO's how much money they'd save with Linux! They'd be onto it in a shot). But the "patients lives on the line" threat there is not as great as having faulty code controlling a laser in a brain surgeon's hands.
I suppose that M$ must be developing a real RTOS for use in medical machinery. They would have managed to get in some OS variant into some non-critical systems. And they will probably penetrate the critical medical systems market at some point in time.
That would be a bad time to visit a hospital.
See that long UID - that's what you get for lurking too long
I'm sorry, but no matter what OS these devices are on, WTF are they doing on a generally available network where they can be crashed and where security updates are necessary? They should be completely isolated!
This is not so much a Windows problem as opposed to a lazy network admin's problem.
Isolate those damn machines!!! Don't have network ports just opened everywhere! Come on, this is why network admins get paid the big bucks!
I used to do IT work for a hospital chain in Austin and there were no devices that could "kill" a patient if windows crashed. Windows was only on the workstations and there were multiple workstations in the area so if one crashed the user could go to another one. If Philips & GE are planning on using embedded XP as an OS for their medical machines then they are the ones putting the patient at risk.
Boy gives new meaning to the term: Blue Screen of Death doesn't it! :-)
Ouch!
DON'T USE WINDOWS.
Use something else- it's not hard at all to make medical devices using QNX, Lynx, Linux, or *BSD. And you really, really can't say that WinCE and XP Embedded is really any cheaper than the alternatives- and if you're not using an embedded OS on a medical device, you need to have your head examined and your company run out of business anyhow.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Same with an automated clinic analyzer that does a dozen blood enzymes in one pass.
Some of these are connected with a satellite dish on the roof, but a lot are plugged in to a POTS.
Hell, even those Fuji photo minilabs at Walmart are plugged in to the net. And it's all Windows, all the time.
And I don't mean Linux or *BSD. There are high-reliability OSs out there, and for life critical systems, why can't these vendors use a grown up OS like QNX or WindRiver's VxWorks.
I don't understand this obsession with using Windows in embedded situations! Especially critical systems. Why?? There are other OS's designed for safety, reliability and embedding. Why are these medical equipment companies ignoring these better alternatives?
The bitter lessons of a veteran coder: http://bitterprogrammer.blogspot.com
The recent times I've been in hospitals I've checked to see what they're running. The two major hospitals near me don't appear to have the real "life and death" equipment running Windows. I'm talking about vital stat monitors and other surgical recovery equipment. I've seen certain medical records being accessed on Windows-based systems. Perhaps then there could be issues with lost information as to current prescription or observational data being lost or corrupted.
But even then wouldn't such systems be running separate from the public Internet? If so, on top of that wouldn't they be secure enough so that executives with their laptops can't just plug in and hose things up? With even entry-level expertise IT staff should be able to separate these boxes onto some sort of a VLAN that would secure them by default. What are the IT folks' take on this who are working front line in the medical arena?
No one, anywhere, anytime should be running mission-critical systems on a Microsoft OS. Ever. If a life depended on it, it's doubly so. Period.
then it doesn't make sense. You are aware of the state of the US HealthCare system I assume (you may not, look it up). I'm sure cost is a HUGE factor in this deadly game of OS roulette.
Sad, but true.
I was going to complain about how Windows is not appropriate for embedded devices, but then I reread the article for examples. They don't make one mention to any kind of "device." The only thing they mention is some system by Kodak for transferring images. I think the word "device" is there to scare the public into thinking that their heart monitors and chemotherapy machines are going to be infected. I doubt these devices have hard drives or TCP/IP connections to infect. More likely, they are talking about hospital computer systems. My experience in the Medical Informatics biz is that this sector is technologically further behind than any other section of IT.
The AC posting in the parent has it right in ONE. Why do you need Windows for most medical systems? Convenient UI? You can get that with any of the usual suspects in the embedded arena- and it'll be 100% as good as the Windows UI with the ability to certify the OS for safety use. This is one of those areas where I'd rather have an OS that has been or could conceivably be certified for FAA approved use.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
I.e. while one can build a simple manometer the reality is that blood pressure devices used today probably have all sorts of interdependencies that can cause a ripple effect, so one should be pretty darn careful before just applying patches lickety-split ... in a work discussion earlier today, we talked about how one of the recent Microsoft security patches broke one of our applications.
Hulk SMASH Celiac Disease
so that you can surf the net in between cleaning bedpans? (mozilla supports windows).
This attitude is absolutely endemic across the IT industry and in no way is restricted to ISVs and VARs who use Windows.
We castigate OS manufacturers and writers endlessly for failing to produce patches quickly enough or indeed writing OS that have serious flaws in the first place but forget that the application writers:
A) Also write insecure software
B) Rarely follow best practice when writing their software thereby ensuring that when OS manufacturers patch their OS, THEIR APP. BREAKS.
I've lost count of the number of times I've run a snapshot, patched, checked it worked and run with an application rather than wait until the manufacturer gave me the say so.
They generally ask you to feed back the result to them. I do it, but extremely grudgingly as I'm doing the bastards testing work for them.
Other particular favourites are:
"no you can't run Anti Virus"
"no you can't run a software FW"
Anti Virus is especially annoying, particularly from vendors of media packages whose files I DON'T BLOODY WELL SCAN!
I wonder how many slashdot users know what endemic means?
Used to have a Slashdot account but have long forgotten both the name and password (gSePnAtMo!o@arseKYOMUfeck.org - work it out if you're interested).
But, in light of the fact that they approved Windows for use in medical equipment of any kind, I doubt they're doing their stated role here (Though, looking back on all the things that they've approved that weren't safe at all and all the things that ARE that they haven't approved and never probably will, I don't think they've got that role down very well at all- the safety role, that is...).
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
"People's lives are at stake" seems to be a favorite sound-byte in the responses I've seen so far. Hell, even the author of the story uses it.
But that very phrase is why delays make sense. It puts peoples' lives at stake to make an unauthorized patch -- if it breaks a critical system, people die. At the same time, not patching could produce a security hole, but the system has worked fine so far. So which is a greater risk? Patch a security hole that might not need plugging *yet*, at the risk of breaking a critical system and killing people, or leave the security hole open until the manufacturer authorizes a patch?
I suggest that the latter is the safest course of action.
"Times have not become more violent. They have just become more televised."
-Marilyn Manson
Pshaw, what a pant load. Here's a more rational look at this.
1: Chances are, your life won't be at stake. Any doctor or nurse worth their salt should be able to keep you alive without a computer. It's not like it's sitting in the room beside you, monitoring you. At least, not one running Microsoft.
2: Any System Administrator worth his/her salt never, ever, ever puts a patch on a critical system without first testing, testing, testing on another system.
3: Also, any System Administrator with half a brain puts some type of firewall in place between the world and critical systems.
If the above three conditions are not true then the failure has occurred in more important places than Microsoft or the Software Provider.
And BTW, Linux is not the solution here. Sure the vendor might be able to put together a fix faster with open source but there would still be some lag time; assuming the software vendor chose to make a fix at all and not take the same attitude they are taking with Microsoft.
It take more faith to believe in evolution than it takes to believe in God
They *are* worried about malicious activities (e.g., worms, breakins, etc.), because that's the whole reason they're talking about patching.
The whole point is that a hardware firewall mitigates the need to patch for those reasons, and leaves the OS in a state that is supported by the vendors for use with the specialized equipment and software.
You'd think hospitals would be experts at patching things up. They'd also be experts in um...worms, and to some extent viruses, too. Someone needs some PC-Cillin, stat!
On a more serious note, there exists the current dilemma -- do you not wait to patch and risk borking things or do you test things out for a (prolonged) period of time risking system exposure?
It's a grim reality that patches will on occasion break something else. It's a matter of which risk is bigger -- exposure to attack, or breaking critical components. I believe that exposure to attack can be dealt with much easier with layers of security. Preventing the breakage of critical components, on the other hand, really demands the time and effort to test the patches before massive deployment.
And so a patient, doctor, or nurse plugs in her trojan-infected machine to a local port.
Fun ensues...
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
I work in one of the top hospitals in the US (Top 100 Wired, top 25 in a lot of the US News and World Report rankings, etc) as the principal technology architect, and I can say that people are idiots for going nuts and patching immediately.
Our CIO, who's pretty well respected among his peers, asked us last week on deployment schedules for this. We pushed back and said, if we deploy now, we'll run into a host of issues. Over the weekend we did some cursory testing against most of our Patient care apps (a lot are web based) such as Cerner Millennium and GE's CentricityWeb. We're far ahead in the CPOE game for healthcare, so our devices are used for input of labs and orders.
Most of the biomed equipment we have doesn't run Windows. Personally, if you do your environment right, then you shouldn't have to worry about viruses and stability.
Healthcare doesn't function like the rest of the business world. It's a completely different animal.
Well... I don't understand...
Most of the people (including me) I know are bashing Windows, because it is prone to crash.
XP is perhaps more stable, but it's not yet fully stable enough. But looking where I work... that's a nightmare, the people have at least 50 reboots of servers each day for a total of 800-900 servers.
If you look at big companies... they don't put their production on Windows servers, but more on UNIX/MainFrame/... servers.
Windows is more for small non critical services most of the time.
So why on earth do doctors put people's lives under "crash prone" systems?
Something is wrong...
Alex
Maybe they should be running custom software designed for the specific purpose, rather than a system that isn't designed for danger of death situations?
I work with MRI scanners, so I know about these issues very well, and here's an example from my own experience:
An old colleague of mine got funding to start his own research group, meaning he got his own MRI scanner. He asked me to consult on some software that would extract the data from the console of a Siemens scanner (at the time, the console was based on an OLD version of SunOS, whose native compilers did not even conform to standard ANSI C) and send it directly to another computer running software that we use for data analysis. The dialect of C was a little strange, but within a week, I was able to get the software together, and my colleague was able to do the type of experiments he wanted to. And his scanner hummed along. This was back in 2001.
Fast-forward to the present. His console has since been "upgraded" to a Windows XP system, and in the times I've spoken to him, he's had nothing but bad things to say about the stability of the "upgraded" system. And it's not that he had a choice, as support for his previous system was phased out. So now patients, doctors and researchers in his group are at the mercy of the moods of an XP system. And mind you - this system is not even on a publicly accessible network. It is on its own dedicated, private network, and its stability still can't be maintained, even by the support staff of the scanner manufacturer.
When it comes down to it, Windows still does not have the stability (never mind the security issues) to cut it in really "mission-critical" situations. Maybe in cases where you need your e-commerce site up, running, and handling 1000s of transactions per second. But NOT when peoples' lives are involved.
..."those that do need externally initiated inbound communication can *still* set up the necessary rules to allow such communication to take place".
Setting up a firewall to allow something like incoming ssh is pretty simple.
I'd highly encourage the health care industry to patch their systems fairly quickly after some testing or better yet, keep all vital systems off the internet and under lock and key. Better to lose some database connectivity than have "pwn3d!!!" burnt into my eye during laser eye surgery or have my drug prescriptions or allergy information altered.
Will you ever trust this dialog?
microsoft heart transplant
for those that love the other Color . You know you like it :)
The war with islam is a war on the beast
The war on terror is a war for peace
Private network won't likely help with all those people running around with viruses. Floppy disks are dangerous people, especially if you have a head cold...
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
Firewalls won't help. If it runs Windows, some idiot's going to bring in a CD full of pictures from his latest vacation and the CD's going to be infected with MyDoom or (heck, probably and...) Sobig or any number of other nasties. Or it's going to be something he wants to print on the nice laser printer at the office.... there's a hundred ways to get infected just by clueless users.
Pretty soon, the internal network's either too busy generating random traffic to do anything else-- and even if the Big Iron of the business, the dialysis machines and heart-lung devices and all those wonderful things that better damned well not break work fine, you've still got the terminal the nurse sits in front of that keeps track of when to issue you your shot that keeps you alive spending half its time rebooting because it's got Sasser.
This is not a problem a firewall can solve, and it's pretty darned big: You can't go throwing software around willy-nilly to solve this problem (even though the real problem is that the users _are_ throwing software around willy-nilly), so you can't just go "oooh! A next-day patch from Microsoft, let's hope their two hours worth of QA before it walked out the door was good enough!".
-JDF
Yeah, apparently it would be impossible to put the firewall in a place where it wouldn't be able to be physically accessed by random people. Fucking Christ, can't you see that the simplest solution to this problem - using firewalls - is the best one, instead of retardedly poking holes in it, and holes that can be easily plugged, at that?
Part of the reason is probably that they have legacy equipment. Remember, internet propagation of virii is only about 5 years old (Melissa, the first self-propagating internet worm hit in March or April 1999 if I recall). So older stuff wouldn't even be thinking this way.
those that do need externally initiated inbound communication can *still* set up the necessary rules to allow such communication to take place. And yes, it is just this simple.
With Windows? There are lots of ways around a windows firewall (including timing; the network is currently enabled before the firewall on a reboot. Genius there).
-Looking for a job as a materials chemist or multivariat
All computer systems involved in patient care (and paper tracking as well) are forced to go through governmental processes for design, documentation and testing. These regulations add weeks, if not months, to system changes, regardless of change scope.
Case in point is the drug study setup. Setting up data entry screens and processes can take up to 6 months for a given trial, and that trial may only run 3 months for the study metrics. If any of these processes are documented incorrectly, an entire trial can be dropped and the drug denied.
This, in the hospital realm, is all about CYA. If a piece of equipment is not certified to this extent, the hospital can be held more liable for patient injuries if said equipment falters.
"Anyone that knows anything about embedded systems with high quality requirements know that you stay away from large OSes."
Why, exactly? Because nobody would know how to hack your tiny little proprietary OS? That's crap and you know it.
I'm not saying that Windows is the right choice, nor am I saying that Linux is. But at least with Linux you can modify the kernel as much as you need to for your particular application, and you can rest assured that there's a million man-hours on the core kernel already - probably a little bit more than the proprietary ones, eh?
"Even Linux is avoided unless you need tcp/ip and if you don't then its better to have a small maybe even off the shelf OS."
Man, I don't even know what this means. What "off the shelf" operating systems are you talking about? Because you can get, like, all of them off the shelf.
- It's not the Macs I hate. It's Digg users. -
The fact that people are installing patches on these machines against recommendations to do so scares the living shit out of me. I know that these people have good intentions but the road to hell is paved with good intentions. They don't know all of the variables. Some patch might introduce a new feature (something that does happen from time to time with MS patches) that causes the software to malfunction. This could cost lives. I really think a $50 firewall box would be a much better idea.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
Because the doctor could just fix the code himself right in the operating room and then just continue working.
> Unfortunately, the stakes here could be human lives.
Soon to be made into a movie starring Uma Thurman.
It's called "Bill Kills".
assert(birth_date<time-86400)
I don't know how GE and Philips do their stuff, but in the systems that I work on, the computer that controls the actual X-rays and gantry movements doesn't use Windows; it's a custom, very stripped-down version of Unix. We do use Windows in several other of our devices, such as the imaging system. But if any of those systems should go down, the worst that will happen is a loss of image quality. The doctor will still have X-ray, and gantry movement, and the ability to remove anything he has in the patient, or even continue the procedure. It won't look pretty, but it will still work.
I can't imagine Philips and GE doing any differently. None of the medical manufacturers want to take a chance of putting something critical on a Windows machine, and killing a patient due to a Windows system crash.
The article mentions one thing that needs to be emphasized, which is where the FDA guy states that they're not going back to the dark ages where systems don't talk to anything else. For years, every device was on its own proprietary network (if it was on a network at all), and talked to itself and absolutely nothing else. This was bad.
In only the last couple of years (because medical IT is very behind the rest of the IT industry in a lot of ways) these devices have moved rapidly to using commodity protocols and network infrastructures, driven by hospitals' needs to do all of this more cheaply, and not have a lot of chaos.
Also, they want to provide some value add on top of the monitoring systems. For instance, it's nice to be standing by the patient's bed and see the monitoring data. It's even better to be able to export that data to another system so that it's more useful, or display it on a website so MDs can see it. All of this requires networking capability, and Microsoft (like it or not) is considered a leader in the field for server software, and has a large division providing solutions to healthcare.
Overall, the more advanced features you want a clinical system to provide, the more that system needs to integrate with other systems. Companies have given up reinventing the wheel on this every time, and are basing what they do on standard software and protocols. Microsoft is one of those. We try to avoid it whenever possible, however in most instances the decision for one product over another is based on clinical value, and not IT preference.
If something on an aircraft gets certified, that's the way it stays. It doesn't get changed without all the appropriate signatures. Naturally, stuff doesn't change very fast. The result is that although the plane you're flying on may not have all the latest bells and whistles, it sure is reliable.
I agree with the many posters who think that being able to surf the internet on a cat scan is nuts. Clearly, the certification standards need fixing.
It is still the hospital's IT department's fault for recommending a solution based on Windows *, a set of known security-challenged operating systems. There's a reason many ATMs *still* run OS/2: it's stable and secure, and proven so over many years.
There are many other viable OSes out there that are robust enough for medical use; in the realm of megabuck liability I'm surprised the IT beancounters bought into the idea of secure Windows...
My Other Computer Is A Data General Nova III.
I would think that a computer that's controlling medical equipment (be it running Windows, or whatever OS) would be protected against the hospital staff "upgrading" it. Things like network connectivity, removable media, USB, and the like are not only unnecessary but are also conduits to possible worms and viruses. The system should be almost embedded... boot right to the application and don't allow any modification.
I'd hate to think of life support systems running off the average, spyware infested XP machine. Tell me that's not true, please!
on life-safety equipment, why in hell is ANY outside operating system in use??? you CAN control bugs in your own code if it is YOUR OWN code. get back to machine language FSMs for the specific purpose on a piece of hardware like a monitor. it is irresponsible in the extreme to rely on somebody else's box 'o' bugs as part of your life-safety system. period. anything in that realm that needs wide access should have an outboard trusted "my code only, dammit" interface that the wild wild web plugs into.
basically, it's just pseudocode that anybody is writing any more, anyway. flip it through a different compiler, a cheaper machine language compiler, and debug with a logic analyzer if you have to. this is what the better high school kids were doing in the late 60s and early 70s, anyway, kids like wozniak and gates and kildall. wasn't any rougher for me to debug in the late 70s and early 80s than anything else.
if this is supposed to be a new economy, how come they still want my old fashioned money?
... read this as: "Fed-Ex Helicopters Defy Widows Patch Adams" ?
For one thing, remember you're talking about degrees of separation - even our CEO's machine didn't have a public IP, doesn't mean that couldn't get to the outside world for email, web journals, medical news, medical procedures, research, the list goes on... and as we all know, if someone can get out, someone else can get in given the right security problems. A cardiologist may need/want to use a web reference when asked about or confronted with test results, but also has to be able to get the test results off the machine.
These things are firewalled to hell, but if embedded medical devices are running Windows, chances are the hospital trusts them enough to use them for their firewalls too. Even though MS didn't write our firewalls, a hospital who has machines running any firewall on a breached MS OS is vulnerable.
Because the stakes are so high in these settings, it was always a fear of what might be more than what is. The security breaches at the hospital for the 4 years I was there were all internal - a nurse pulling up a chart for a patient that wasn't hers because she knew them for example, something like that. However, even an internal breach sparks a big what-if scenario because all the sudden people are screaming down your throat about a guy walking in with a wireless laptop and hacking from a janitorial closet. It doesn't have to pass an IT personnel laugh-test, medical personnel (even biomedical personnel) don't necessarily know anything about the underlying IT they are demanding answers about, and frequently know only enough to be dangerous (if that much). They know if it's possible, it must be prevented. The thing is, they're right too (not that you'd catch them giving up their internet access to prevent it).
Wireless is a whole other monkey-wrench leading to more scenarios that must be addressed (e.g. the janitorial closet laptop cracker). Especially when the most crucial elements - the devices themselves - are accessible via wireless. I feel bad for the vendors; can you imagine trying to convince a justifiably paranoid crowd that the devices are safe when they just read an article about hijacking Bluetooth wireless phones?
The only thing more dangerous than a file named -rf is renaming it -rf\ /
Of course this situation gives a whole new perspective on system crash or BSOD.
Fight Spammers!
we both were terrified and shocked for a second before the doctor stopped the scan and rebooted the scanner. It came out normally next time. She said it happens once in a while every April 15th. Heck man i plan to sue GE for using Windows
"Doing what i can, with what i have." ~ Burt Gummer
>>"Anyone that knows anything about embedded systems with high quality requirements know that you stay away from large OSes."
>Why, exactly? Because nobody would know how to hack your tiny little proprietary OS? That's crap and you know it."
No, not because the "tiny little proprietary OS" is less prone to being hacked... The smaller, lighter OSes are better for real-time/specific applications because they are not fat and balky and don't carry unnecessary components that can bring about the additional headaches of worry about keeping them up-to-date.
What the original poster meant was that, if all you are doing is a specific task that requires real-time access, then you should be using a slim OS. Why does one need a web browser, and half a dozen other tools that come with a normal OS, when they are not using it as a general purpose OS? Slim it down and cut out the factor of worry about a bloated OS.
make sense?
-f.
...and remember in your brain boggle, wrong starts with a wubble-u.
Since the problem is not stability of the OS, but the vendor not verifying patches to work with the application, you have solved nothing.
You think GE Medical Systems, Philips Medical Systems and Agfa are suddenly going to test the shit out of Linux patches (which are just as plentiful) because....?
I'm sure all the IT directors are ready to take the patients' lives in their own hands and do some kernel hacking and beta testing on site, though.
+5:offtopic,but anti-American
Blue in the face scream of death...
How long will medical school take if doctors must learn about both human *and* Windows viruses.
General Zod defies son of Jor-El.
many many hospitals are all running on window$... the only exception is usually the accounting system is usually an AS400
.... ah just choose M$
hmmmm money NOT windows
life
With lonely old people when snuffing it, with no relatives left, all alone - at least Bonzi Buddy will be there for them!
Ok, I am 18, going to be a senior in high school, so this doesn't apply to me; however, my mother is the CLC (Chief Legal Counsel) for a large hospital. The hospital is going to be upgrading their hardware and is currently negotiating between two different companies. Part of the reason that the data is insecure is because the doctors need to access the data. The doctors at this hospital are pushing for all data to be accessible over the wireless network so they can use their wifi-enabled devices/PDAs to get information about patients and prescribe medicine. And frankly wifi (802.11X) is not the most secure thing on earth.
In nature, there are neither rewards or punishments, there are only consequences.
My wife and I had twins in March - our first (two). When we arrived and were assigned to our room, a nurse came in and put two fetal heart monitors on her. I, being the geek I am, was interested in the computer and software that the nurse was configuring and looking at. It turns out, the computer was a standard off-the-shelf HP running Win2K and the monitoring software.
:)
It is a standard desktop app with a bunch of fancy bar graphs and options buttons, a view for a single monitor, or I could switch to a multi-monitor view and watch all of the monitors in maternity from that machine. I know all of this because I played around with it while waiting (it took a while
The software is designed so that the nurses can monitor all of the rooms from the nurses' station or from any room. It's a good idea but the security involved is a joke. I don't suppose they anticipate every new dad coming in to be a curious geek but any moron can see that it's a standard Windows PC running a standard Windows app. Had I not been so tired and had more presence of mind, I may have tried to browse the web with it just to see if I could.
In any case, leaving a machine like that unlocked could be as much of a risk as leaving it unpatched. The maternity ward is a lock-down environment from a physical security perspective and fetal heart beat monitors aren't quite as critical as the iron lung but the ramifications are the same. Some wandering kid roaming the halls sees a Windows screensaver somewhere, associates it with *internet* and it's lights out uncle charlie.
If you do what you always did, you get what you always got.
They are.
The ultrasound machine that they use on you isn't running windows.
The computer hooked up to it, which handles the image analysis, display, and archiving, however, probably is.
Vintage computer games and RPG books available. Email me if you're interested.
First I didn't read the article. I have worked in a hospital for over 10 years. From personal experience I can say a hospital can provide some of the most interesting computer setups that you will find. And all of them are considered critical. I don't know if they are referring to servers running Windows or to actual medical devices running it, but I can say that they do exist.
Down time in a hospital is extremely hard to come by, many systems are used by many departments and no one wants to be down for an hour for patches. Microsoft really isn't the problem here, though it would be nice to blame them. Most hospitals run the gamut of OS platforms, from AIX, Linux, Windows 95/98/2000/XP (yes we still have 95 in use, and some medical devices actually run 98, scary huh.), Apple OS 9/X, SCO Unix, that's all I can think of at the moment, but I'm sure there are more that I don't know about. All of the release patches. We have servers on site that we pay for that we are not allowed to do anything with, we don't even know the passwords. Sometimes that's fine with us because we were never given instructions on how to fix their problems, so better to just bug their support than us. Other systems we have some control of, but the way they were certified with the FDA we can't do anything with the system. In fact, just a few months ago I helped setup a system for our Labor and Delivery department to help with fetal monitors. This system seemed like it will do everything they need, however it is almost completely separated from our network, with the exception of an ADT feed. We are not even allowed to turn on automatically adjust for daylight savings, because that wasn't how the system was certified. Will this system ever get patches, not by us, and I doubt by the vendor. They had separate network drops installed from our network and that's the way it's going to be. Not only that but part of their backup process actually involves a floppy diskette.
Couple the FDA issues, with nobody wanting to spend money (for network equipment) and nobody here to do the work and you have a prime problem for a disaster. Viruses are a huge issue in a hospital a virus can take down many systems with no problem, you might say it needs to be more secure well tell that to the companies that require open shares for their product to work. Viruses are also a problem in hospitals when you consider the computer experience of many nurses and doctors. Some don't understand that an email can show up from someone they know and not really be sent by that person, so they trust the source and then we have an infection. Our POP3 server checks for new dat files every hour and still by the time we get the latest dat files the viruses have already been received by people. There is no way to win that short of time delaying email by like a day and that wouldn't go over well.
I've gone on too long, now most of these problems won't directly affect your patient care, aside from maybe slowing it down a bit. It can cause problems if you frequent that facility and they have previous studies and results to look at but suddenly they don't have access to them. Or that could even be the case in the current visit. One good thing with all these systems though is that they are redundant at times, so your allergies for example may be in 3 or 4 different systems, so if one is down they should still be able to find it in one of the other systems.
Also, don't forget that hospitals haven't quite made it to that paperless Nirvana.
AC signing out.
Incidentally, it has been "GE Healthcare" rather than "GE Medical Systems" ever since they bought Amersham.
This is just one of the many huge problems inside hospitals these days. Many people do not realize how often just a simple name and patient number gets assigned to the wrong person. Records get swapped with someone else or a gender or age gets changed. All these life-threatening mistakes are human error. The problem is that the transcriptionists get paid per word. Not whether the word is correct and the document they transcribe is correct. It's also all about money and internal politics. They choose systems not based on whether it's a good match for the hospital and the patients but based upon which board member is in bed with which company. They'll spend 10s of millions of dollars on a new system just because some higher-up gets a kickback or has a golfing buddy. Then the system turns out to be total crap and they start the process all over. All the while they raise their cost of doing business and push it off to the patient.
Knowing what I know there is no way in hell I will ever go to a hospital unless I'm already dead. Cause they'll kill you just sitting in the waiting area.
I've been working in this field for five years now and believe it or not, the FDA is not the problem. The FDA approved off-the-shelf software for medical devices because they realized that they're not qualified to determine what the best piece of available technology should be for a device. Not to mention that if they tried to decide that, what they came up with would be obsolete by the time it got out of committee. Instead they require that whatever you're developing follows certain logical guidelines with respect to quality and that your systems are tested thoroughly.
The problem is that most medical device manufacturers have IT staff that either lack the knowledge to pursue alternatives to Windows or simply lack interest in any of the alternatives. To make matters worse, the buyer/user of such systems has little they can do about it except choose another vendor, and in many cases that may not be easy or even possible.
Bottom line, it's a racket. Especially when you see the prices for some of this stuff. You realize that many of the vendors are more interested in just getting something to market that works minimally rather than putting out a really good product that can stand the test of time.
Kinda give a new meaning to the blue screen of death huh?
"Capital punishment makes the state into a murderer. Imprisonment makes the state into a gay dungeon-master"
And I thought I had a high tolerance for insensitive jokes...
Bah!
The problem is that staff need connectivity to application servers, and the same staff need access to a ton of other servers, including outside governmental services on the Internet. You can't segregate the "critical" servers from the user's PCs very easily, so the "critical" servers are usually one hop away from the Internet, via the users' PCs. In any case, the managers making decisions where I've been can't make the case for putting the users through the increased difficulty of doing things securely.
:^)
Another thing is that we're under huge pressure to give physicians and radiologists access to data via the web. This could help save lives, if a patient's physician can look at their ultrasound, etc. from his hotel while he's on vacation, etc., but the price you pay (which never counts for much with our management) is decreased security. I am in this situation with some SW vendors who refuse to support a system if we let Windows Update automatically patch their system. They're afraid that they'll waste some support time on a problem related to a M$ patch breaking the OS or something their code depends on. I'm tired of seeing services killed and machines hung by what appear to be patchable exploits, so I'm doing it anyway. By doing this, you're giving the vendor a "get out of supporting their own app for free" card.
A final perspective is the class war between technical folks and the suits, who in my health care career have been non-technical folks who don't really like or understand technology, just data and applications, and in my current case, who seem to have a psychological/emotional problems with technical people in general.
When a clinical staff member here asks for some new functionality, or complains about having to change their password, management always comes down on their side, security be damned, because the implication is that if we require clinical folks to do _any_ extra work, or don't give them some new one-click, time-saving feature, we are impairing their ability to care for patients. It's the same way with supporting applications or hardware after hours: if a printer's jammed, it's perceived as being equivalent to a patient bleeding to death. Oh my god, it's "affecting patient care"! That's one of the reasons management doesn't want to tell a clinical user "no". Any time we say "no" we're perceived as being a problem. Those types of users can't see far enough down into the technical aspects of things to understand the threats, just that they have to remember another password, or click another button.
Enough of this ranting. I'm getting disgusted with the whole thing all over again!
If you can't tell yet, I've had enough of being a technical proletariat. I'm sick and tired of dealing with Microsoft OS's and applications, and since there's not much else IT work in our area, I'm starting a new career in teaching with taking a 40% pay cut to teach at a local university.
By this weekend, this will no longer be my problem
Why don't they design their software so that it doesn't break when patches are applied? It's not that hard, really. It's always the half-baked custom software that is most vulnerable.
This is just too stupid to be believed.
There have been several instances in which viruses originated from medical instruments straight from the vendors, says Bill Bailey, enterprise architect at ProHealth Care, a Milwaukee healthcare provider. Medical equipment arrived with computer viruses on it or service technicians introduced the viruses while maintaining the equipment, he says.
Does any vendor check this stuff before they ship it out the door? And what are the service technicians doing - downloading pr0n on someone's dialysis machine? The levels of incompetence and criminal negligence it would require for worms to get into patient care equipment are staggering to contemplate. If you so much as think of checking your hotmail account on that laptop Philips gave you to diagnose equipment you should be fired. I can see doctors' and staffs' office computers being easy pickings, but the same security holes existing in equipment used in any actual medical capacity is the kind of disregard for life that I thought corporations only possessed in bad comic book movies.
All computer systems involved in patient care (and paper tracking as well) are forced to go through governmental processes for design, documentation and testing
So, if the hospital installs an uncertified piece of software on the machine, then they would be at risk if death or injury occurs, not the vendor.
If someone was injured by an unpatched machine, the hospital could pass liability back to the manufacturer - after all, they were in full compliance with the federally tested machine configuration. In which case, the manufacturer would be held liable for any injuries.
But it doesn't stop there. The manufacturer could easily and convincingly claim that Microsoft overstated the reliability of their operating systems, and the failure was due to Microsoft's code. Convincing a jury that a Windows crash caused the injury would be a trivial exercise for even the most inexperienced attorney; almost everyone has had some experience with a Blue Screen of Death.
Now comes the interesting part. Yes, the manufacturer may have agreed to the EULA, and may not be able to sue Microsoft. The patient, however, did not agree to the EULA, and having been damaged by Microsoft's code, could easily convince a jury, that in spite of the EULA, because Microsoft knew that their code was being used in medical devices failed to show due diligence to protect the user. Microsoft can't weasel their way out of this one, because the EULA doesn't apply to the patient. And, unlike the software liability cases, a medical malpractice case could easily charge the defendant with millions, or even billions of dollars in punitive damages.
The society for a thought-free internet welcomes you.
Speaking from my office inside a hospital, I feel I'm qualified to answer that. First, I'd like to say that all equipment involved in patient care is never networked and moreover isn't running Windows for its firmware. Aside from those devices, there are a myriad of other things that have medical data on them that must be on the network. For instance, our CT scanner is directed to do a scan by a Solaris machine that we're never supposed to service, which in turn is accessed by a 2000 box (actually several) that provides Imaging staff with the data collected. Said machines are on their own VLAN, separate from the larger intra-office network, but I'd feel a lot better if everything were patched anyway. Case in point: some luser brought their laptop in one morning, and naturally Blaster blew through the office with frightening speed. Policy changes were made and now that should never happen again, right? Except Sasser got in through an entirely different method, VPN'd transcriptionists. OK, so now it should be clear to anyone that no amount of vigilance will prohibit anything from happening ever again since we have users, so what are we supposed to do about the Philips server that runs Microsoft SQL Server 4.2 that will never be upgraded because they're too scared to try and test their application on anything else? My thoughts on this are that if they're selling hardware that runs software that could ever need patching, they should be responsible to test these patches and deploy them to us immediately. But that will continue to be my wish. Unfortunately we've just opted to let them force us to run antiquated software and we have to try and make up for it with an intelligent infrastructure. Still makes me angry.
...cliffhanger... but you can always open them with a key anyway. :)
/. and I know he'll have an interest in this article so that's the reason for the AC post - and besides, if you guys knew where I was, you'd never have a procedure here now and I'm pretty sure that could get me canned. Have a good Monday!
And now, just to see if I can get you guys riled up: The scariest things we have here are the Pyxis machines that dispense drugs (think of it like a vending machine with medicine) that runs Windows 2000. We've never heard a peep from Pyxis about patching these machines.
And finally, just in case you're wondering, I'm not that Network Admin, but he does read
Why are these computers running Windows and not isolated from the internet? Design, IT, money, politics, and doctors.
Why are they connected to the internet? Because they are designed to be connected to the internet. Data is gathered and must be sent to servers where it can be stored and accessed. Sometimes this information doesn't even come from the same hospital any more. Once safe on its servers, it must be accessed by clinicians. These clinicians typically can need to access any bit of information from anywhere. If you have information that nobody can access, it doesn't do you any good. Originally these machines were separate and not on any network. Putting them on the network reduced the time it took to shuffle the information around from days or weeks to minutes, helping health care greatly.
Why are they all running Windows? Because that's what IT wants. Be aware that anything that is installed today was probably planned out many years ago. Seven years ago, most Radiology was all Macintosh but hospital IT only knew Windows and wanted to get rid of anything that wasn't Windows for Windows. Reasons for this can be fit under any of the other reasons from money to simply not wanting to have to learn anything they didn't already know. These days the attitude seems to be much like it was seven years ago, but IT is complaining about Windows instead of Macintosh and wanting to go to *nix.
Money. Windows boxes are cheap. Training has already been done since most people are already familiar with them. Programming is also cheap. To take everything off the internet but still have it connected and functioning like it's supposed to would require a separate network and duplicate machines to do clinical work as well as other work that needs the internet. That's the worst case scenario. Things could just be locked down with greater security (in most cases they are already) but to hire security people (who know what they're doing) requires more FTEs that would benefit the hospital greater if applied elsewhere. It's stupid to skimp on your network security, but in today's economic climate, especially for public hospitals, you have to skimp someplace and network security is usually not an immediate need compared to more nurses, techs and doctors on the floor.
Politics can also come into play, especially at public hospitals. Add in ties to a medical university and you've really got a snake's nest as state, federal, county, city and school regulations and agendas get intertwined. Sometimes it's not even known what the correct thing to do is because you may ask but by the time they get an answer, everything has changed. Add in different departments all using their clout to get things run the way they want them run, and you don't have a top-down hierarchy like a kingdom but rather a hospital that is a bunch of little fiefs all fighting for their little area of control. IT is going to want to do things the way they want and sometimes that isn't only not what the hospital wants but not what they need.
The kicker to all of this is that things get done how the doctors want, not how they're supposed to be; at least that's how the doctors think it should be done. It's often stated that hospitals would get rid of doctors if they could. They've trained all these years to study medicine and that's what they are paid to do and many don't want to learn anything else. They're top dog and since the hospital can't exist without them, they like to throw around their weight to get things done their way regardless. Many don't listen to anyone else and will walk in and unplug other computers (that they don't need) to plug in their laptop without asking permission. They're the ones installing wireless without security, demanding generic or blank passwords, and many other bad security practices. They often know just enough about computers to really get into trouble.
This is beyond frustrating. I've read all of the current Score: 5 posts so far, and only a couple people get it.
Hospitals demand things that they can't have. They absolutely demand full integration with Windows, and they absolutely demand security and reliability that Windows can not provide. As a vendor, what are you to do?
OpenOffice.org is nice, but honestly, it doesn't cut it. Wine is nice, but do you really think it's going to have better critical-system behavior than Windows?
It's All. About. Throughput. Anything you can do to speed up the work of a doctor will save lives. You're running a risk, at that point, of decreasing reliability, and so you balance on the knife edge as carefully as you can.
People have said "negligent" this and "criminal" that, but they forget how *new* technology in medicine is. These people are not using technology because it's interesting, or because it's fun, or because it's slightly easier than doing it the "old way." They're using it because it saves lives.
Picture air-traffic control systems. Why haven't they been updated to run on things more recent than vacuum tubes? Because it's scary as hell to work with it. It ain't broke! Don't fix it!
Well, with medical data, it's kind of like if the number of planes in the air doubled every 12 months. Those air-traffic control systems would have to be updated all the time. But lives are at stake! And then the vacuum tube company goes and releases "patches" that can totally change the system behavior. What the hell are you supposed to do?
It's kind of a flawed analogy, but you have no idea how much critical information is being exchanged, and how much the rate of change is increasing.
You go for the highest price-performance point that you can, and sorry kids, but that's Windows.
Heck, you could make the case that using a C++ compiler is negligent, since there are known bugs. You could make the case that using Intel processors is negligent, since there have been known processor bugs. Abit motherboards, because there used to be problems with the capacitors. Honestly, what technology is safe enough for computation that you could not possibly object to it? Even NASA doesn't get it 100% right, and they spend a lot more on redundancy and quality than any hospital.
It's scary stuff, but you can't fire off the typical Slashdot "use PHP, and NAT, and Redhat, and .NET, and Carmack 0wns!" responses without really thinking about how technology and money and medicine are in this life saving spiral of improvement, and lower cost, and *risk*.
There are no easy answers. But given the choice between leveraging technology to save lives, and not leveraging technology to save lives, I think you have to give manufacturers a break.
Now, hospitals could certainly do a better job of routine network maintenance, but you have to remember how much of medicine is about collaboration and sharing information. It's not like they can run in isolation, as some have suggested. A hospital isn't self sufficient in the way that many businesses are, in their day-to-day activities. They share data, and they collaborate, and it all is critical, and it all needs to happen in no time at all. Just as a for-instance, the majority of hospitals generate more than 10 GB an hour in one department alone (CT, MR, NM, US). Any of that data could save lives, if it's accessible at another hospital across the country, where that patient happened to show up, complaining of chest pains. How do you do that, securely? How? The hospitals are owned by different companies. There are laws about privacy. Heck, even the bandwidth issues are daunting.
People talk about how wireless computing can save lives, as docs get to access information wherever they are. Well, what secure wireless connection that's commercially available would you like them to use? Eventually, nothing is secure and reliable enough to trust for healthcare, but it's b
Are there really systems that human lives depend directly on that are running Windows?
If my life ever depends on some software, I want the operating systems and all the other software to be mathematically proven to be correct and I want multiple backups/failsafes present. I don't want it to be some VB app running on Windows because it's quicker and easier to develop.
corporates don't include a locked down windows firewall on each users workstation.
Not only would it control viruses, etc - but what users can get up to.
Alex
So there is no way Hospitals should be patching these machines without a proper testing and approval cycle.
And with new patches arriving every week, how can the manufacturers possibly stay current?
The only responsible course of action is to get these machines off the network.
It does raise an interesting question. Suppose you put these machines behind individual firewalls. Is it possible to guarantee that they will not get infected while providing any useful services through the firewall? If so, what are the providable services?
It would be nice to be able to remove all removable media devices as well to prevent infection by that vector. This would require that one do all data takeup over the firewalled network, so at least secure ftp would be desirable.
Squirrel!
if you are dumb enough to create a mission critical application in Windows, you get what you deserve.
Unfortunately in this case, we have patients who bear no blame in such stupidities.
so what to do? lots of bitching and fingerpointing, workarounds and a whole lot of pain and suffering....add slashdot and stir vigorously
[Gates] (pointing to a machine with lots of flashing lights) And that is?
[Administrator] Aha, that's the Windows XP machine that goes "ping"!
[Gates] (beaming) Very good... very good... and the patient? What's she here for?
[Administrator] She's shortly to give birth, Mr Gates.
[Gates] A birth, eh? So what's one of those then?
[Administrator] That's when the doctor takes the baby from the lady's tummy.
[Gates] Ah, I see. And will you be using the machine that goes "ping"?
[Administrator] Of course, Mr Gates.
[Gates] And you'll be wanting the upgrade of course...
[Administrator] Upgrade, Mr Gates?
[Gates] (putting his arm round the administrator's shoulders) Administrator, as of Service Pack 2, your machine that goes "ping" will become a machine that goes "thweep ftang chortle whoop".
[Administrator] Really, Mr Gates? Well, we'd better have one of those then.
[Gates] (taking out a pen and a contract) Excellent! Well, if I can just have your signature here and a deposit for £100,000, I'll have the upgrade winging its way to you first thing in the morning.
[Administrator] (after signing contract and giving Gates a cheque) So, any other questions, Mr Gates?
[Gates] (beaming) Yes, actually there is one. The patient? What's she here for?
[Administrator] She's shortly to give birth, Mr Gates.
[Gates] A birth, eh? So what's one of those then?
etc.
Gentoo Linux - another day, another USE flag.
scary...
But there are a lot of applications that are not themselves critical, but could play a part. I work for a company that does materials management software for hospitals. This stuff is tweaked for efficiency, and hospitals rely on it. It runs on Windows only. Doesn't sound quite like the importance of a pacemaker, right? Well let's say the hospital gets hit by a virus. Yes, it happens, even with firewalls. Now their materials system is fubar, and they are used to it having the right supplies on hand at the right times. If it is low on something, it reorders it automatically. Now they are screwed, and they don't have something that they really need. Someone could die.
Hospitals have to operate on razor thin margins, and they can't stock millions upon millions of dollars of everything. They look to lower their on-hands inventory as much as possible.
There is all kinds of software in the hospitals that can go horribly wrong, not just the obvious stuff.
My beliefs do not require that you agree with them.
Why don't they design their software, so that it doesn't break when patches are applied?
You don't seriously believe that Microsoft gives anyone advance notice of what the patch is going to break, do you? Have you seen the ambiguous and undetailed language that goes with the WinXP SP2 patch? There's nothing actionable in there, certainly nothing testable. Until GE gets it and tests it, and authorizes it for the build, it's an astonishingly risky thing to install it.
21cfr11 mandates that only the tested configuration can be used, and if the hospital chooses to violate that federal statute, they are not just at risk of screwing up their scanner, but they're technically in violation of federal statute.
I'm not defending Microsoft here, nor am I saying it's smart to have Windows in scanners, but it's there (less now than 5 years ago, but still there). The penalty for using it is that it's quite likely that some piece of malware _will_ find its way into the scanner. They're more vulnerable if they don't patch, they are going into an unsupported (and unsupportable) configuration if they do patch. The only answer is to not use Windows, but until all the 'doze-based scanners are history, they're stuck with it.
why are these machines in a position to catch viruses and the like in the first place?
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
Critical systems like medical systems should not be networked unless they are inside a canned network. The military has a good example of how to manage this. When I worked for the military, we had SIPRNET (Secure IP Router Network). This is a classified network and is isolated from other networks. Basically, it is a worldwide parallel internet with email, web pages, ftp and all the normal internet services, but all self-contained and moving over secure lines of communication. We all had two machines. One box was the SIPRNET box and the other was our every-day office apps box. They were not connected and could not talk to each other. The only "connection" was a KVM so we could share keyboards and monitors, but otherwise no data connectivity. The only threat from worms and viruses occurred when somebody was moving data with floppies. Our SIPRNET systems did have a virus scan, but that was normally not a problem because sticking a floppy into a secure machine was highly discouraged and managed.
Yes, it's an outrage, and there's far more than medical safety at stake here.
Lest we forget, the Navy "Smart Ship" USS Yorktown was "dead in the water" for two hours, due to their reliance on a Windows NT application.
i can tell you that it isn't the medical devices themselves running windows, it is usually the computer that controls it or the computer that makes the operator's life easier which runs windows.
also windows boxes are used sometimes as a way to link the medical device into some proprietary database of patient information. the hospital i worked at had a crapload of devices in the lab which attached to this one nt4 box via serial (it had about 20 serial ports courtesy a breakout box). the serial communications were then redirected by some custom software across a tcpip link to a server in another city.
hospitals buy complete packages from vendors. that fancy new ct scanner might not be running windows, but the computer that can turn its scan data into a 3d model might be...and you bought both of these together as a package deal (complete with support and maintenance agreement from the vendor).
I'll be here all week.
To be honest with you, I suspect your colleague has some issues other than just "Windows XP" itself. If you were able to get his MRI scanner doing everything he needed with his old system running an outdated version of SunOS, there's no reason I can see why it shouldn't really work just as well under XP - unless the code wasn't well written/translated to his XP environment.
Windows has plenty of security issues still, but I've worked with enough XP boxes to know that stability issues are practically a non-issue, unless you use faulty device drivers or have poorly written applications involved (assuming no hardware problems like bad RAM, which can happen too).
I know this isn't exactly a "Windows friendly" crowd here, but those of us running XP on our own systems can probably back me up here. How often have you guys really seen it blue-screen and require a hard reboot? If/when you have, what did you track the problem down to? Only time in 2+ years my box has acted up like that, it was a failing IDE drive failing to write the temporary swap file properly.
When it comes to basic serial, parallel, or ethernet I/O (like it would typically be to interface with some external device like an MRI scanner), I see no reason to claim an old flavor of Unix would do a superior job to XP?
A lot of our medical vendors are preventing us deploying TSM backup clients and NetIQ monitoring agents on "their" machines. With no alternative backup or monitoring suggestions.
--D
These days Doctors do need to surf the web. WebMD for example is a huge resource for doctors to cross reference info. No offence but I would like to know my Doc is in the know and up to date with current treatments, and statistics instead of waiting for the latest issue of the New England Journal of Medicine. Not only that, with many patient databases going into huge centralized databases (yes this is a good thing) they need to access this.
On the other hand, often Sys Admins have to wait for vendor clearance to patch some servers, leaving them potentially vulnerable.
We have to spend a lot of effort making things work on Windows. Both on the instrument server level (because Windows programmers are "easier to find" and "cheaper") and on the user interface level (because customers are supposedly "used" to Windows, it's "just like at home" and therefore easier to operate - never mind the fact that we write a complete custom UI with custom controls).
Also, our instruments are used to generate images, which are usually assembled into reports (PowerPoint presentations, etc.). Of course, we strictly forbid the end user to install anything else but our own software on the machines, but it's with a big meaningful wink, and they usually do it regardless.
That also means that the instrument controlling PC ends up in the company (or hospital) network, so that images can easily be transported to the operator's desk when (s)he gets back after using the instrument.
That also means that the company's (or hospital's) IT department decides which updates get pushed onto the controller PC.
The fact that many popular virus scanners think it's so damn important what they do that they can run their scan at high priority, meaning the computer can't do much else, doesn't help either.
It's just a matter of time before somebody dies because the machine that was supposed to be scanning him instead was scanning itself for viruses. Oh the irony!
I wonder if security patches have been applied to his pacemaker.
I used to work for a company that provided pulmonary function software and hardware for drug studies.
In asthma drug studies, it is not unusual for the protocol to use an agent called methacholine to induce an asthma attack, then use the study drug to recover the subject. Obviously, methacholine is administered in a very cautious and measured manner.
Imagine what would happen if the valve that regulates the methacholine intake stuck open, continuing to dose the subject?
(Which, by the way, my former employer had happen - due to a hardware issue with a certain computer manufacturer's serial ports sending unreliable data rather than a software issue, but it's entirely possible that it could have happened as a result of an OS upgrade - you never know what MS is going to touch.)
The ultrasound machine that they use on you isn't running windows.
I work for the number one ultrasound company, and half of our products already run Windows, and the other half is being ported over as we speak. Our competitors are no different.
You are somewhat right, in that the low level FPGAs and DSPs aren't running Windows. But so what? Every real CPU on the system is!
Don't blame me, I didn't vote for either of them!
17 months ago, when my wife went in to give birth to our son, she was hooked up to a fetal monitor. It was a brand new piece of hardware (Dell I think, and I believe it was from GEMS), that was running Windows NT 4.0!!! I seriously wonder how they managed to get NT 4.0 to even support the hardware!
Just as she started giving birth, the monitor crashed. No one knew what to do, and I, a Unix person, ended up having to get the monitor back up and running for them.
You can not name a hospital that doesn't use Windows. They don't exist.
Should any medical devices run by windoze fail and kill someone, it could be likely shown that ms has stashed away a few billion for hush-money, so microshaft doesn't get shafted when, I suspect, patients "enter the hospital and experience 'misadventure'" (hospitals don't like to say people "die" in hospitals; rather, they experience a misadventure. Sheesh, euphemisms...)
Do any of you remember or have any of you read the EULA.txt on your widows boxes or those under your command?:
10. NOTE ON JAVA SUPPORT. THE SOFTWARE MAY CONTAIN SUPPORT FOR PROGRAMS WRITTEN IN JAVA. JAVA TECHNOLOGY IS NOT FAULT TOLERANT AND IS NOT DESIGNED, MANUFACTURED, OR INTENDED FOR USE OR RESALE AS ON-LINE CONTROL EQUIPMENT IN HAZARDOUS ENVIRONMENTS REQUIRING FAIL-SAFE PERFORMANCE, SUCH AS IN THE OPERATION OF NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR COMMUNICATION SYSTEMS, AIR TRAFFIC CONTROL, DIRECT LIFE SUPPORT MACHINES, OR WEAPONS SYSTEMS, IN WHICH THE FAILURE OF JAVA TECHNOLOGY COULD LEAD DIRECTLY TO DEATH, PERSONAL INJURY, OR SEVERE PHYSICAL OR ENVIRONMENTAL DAMAGE.
I seem to remember microsoft (name lower-casing/deprecation intentional) previously applying such legalese or verbiage to windoze itself.
So, what changed? Did the ms legal and marketing teams decide to deprecate the phrase in order to mollify/pacify companies whose legal teams were at odds with ms? If not that, then is ms claiming that windows 2k and xp are fit for duty for controlling aircraft, life support and real-time systems, but Java is not?
Now, when the first patient dies and it's traced to windoze, windoze can be tagged as:
"Into what would you like to be reincarnated today?"
David Syes
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
Doesn't the Windoze EULA already cover this by "prohibiting" the use of Windoze-based machines on life-critical systems???
Hrm. I didn't realize the trend was moving in that direction. Ouch.
Vintage computer games and RPG books available. Email me if you're interested.
I work for a company that produces software for family doctors, nothing dramatic, not even a machine that goes ping, we will still be testing and re-testing our software on SP-2 for the next couple of weeks before we do any upgrades on any machine in the field, or even the surgery.
You don't need a lab to make mud.
To your list, which mostly seems to seek to blame those who have the temerity to be poor and fall ill, or even, the cheek!, to grow old, you might want to add "gouging by drug companies". The drug spend is increasing way way out of proportion to overall health spending.
I await the shills telling me that the extraordinary R+D costs of pharmcos justify their gouging...
why does the whole hospital network need to be left attached to the public Internet? Have a few stand-alone surf-stations available in the building so they can go look up stuff they need to. Though really, if my doctor *has* to go check something on the internet before he can figure out what to do with me, I'll just stay home
I'm married to a doctor. Doctors look stuff up through the internet all the time and you should be glad they do. Resources like Pub-Med are indispensable and far more convenient to access through the internet. Would you prefer your doctor take a trip to the library every time he has a question about some rare medicine he's thinking of prescribing? Wouldn't you agree that getting this information from sources like the CDC through the internet is a much better use of his/her time? There's nothing wrong, weird or unusual about a doctor needing to use the internet to access reliable sources of data.
The human body is a complicated thing and even the best doctors need to consult references fairly often. Not to mention for things like checking the latest research, communicating with peers for research, and a host of other uses. Doctors don't use some random blog they found through google as a source of information. They aren't stupid nor are they careless. The internet is a very useful tool to them, and they know it even if you don't.
Look, when it comes to regular stuff like POS terminals and mall kiosks, Windows is just fine. Even medical imaging systems. Any time you can reboot the damn thing when it screws up, no problem. I mean, it's probably less cost-effective than Windows in volume, but whatever.
But when lives are on the line, it's just STUPID to be running Windows. Air Traffic Control, computers that are used during surgery, etc. Anyone using Windows should just be SHOT. How would you like it for Windows to crash while you're in the middle of a LASIK procedure or a triple bypass or while you're trying to land at an airport?
While Windows has gotten ORDERS OF MAGNITUDE more stable since the days of reboot-every-day-win98, Windows XP is still an unstable beast. While Linux web servers have uptimes of months, Windows Server 2003 web servers still have daily automatic reboots! You just can't rely on Windows to be robust over long periods of time. The whole virus situation just makes it 100 times worse. So, really, it's just stupid to be using Windows when someone can be injured or killed.
Sorry for the flamebait, but I don't trust my life in Bill Gates' hands. Sorry.
These types of applications call for the bare-metal application of ADA which will allow you to mathematically prove every input will result in one and only one output.
That's why it's used for "fly-by-wire" aircraft where it's kind of important when you push the stick down the houses get big and when you pull the stick back the houses get small again.
Medical devices are at least as important and I would not trust any embedded O/S whatsoever in these types of applications. Other posters have mentioned the THERAC system which was not validated and had fatal outputs for some sane inputs.
bondage and discipline languages DO have their uses!
Running the IT systems. It's not as bad as they make out - it's worse. I spent the last week trying to get NT4 running on a brand new laptop, because GE refuse to support anything else for their system. That'd be NT4, which is now unsupported by Microsoft.
Pretty much all of our machines (can't speak for others) that run the X-rays, MRI, ultrasounds, etc.. are NOT running windows. Generally, it's unix stuff that I try not to touch (breaking million dollar equipment looks bad on the CV). But the backend stuff, servers, doctor's viewing workstations, runs on Windows. This is what the vendor specifies, and if we deviate, we're unsupported. Bear in mind, this is for a very small practice - as things scale up, the vendors advocate switching to large, and non-cheap UNIX boxes...
MS spent a billion dollars developing this patch. You think they don't do QA? Try looking at some past real-life examples of MS's extraordinary work.
"Give a man a fish and he will ask for tartar sauce and French fries!"
It seems that many hotel IT staff are quite clueless regarding the type of security features available from modern switch gear.
ISO 9000 standards state that items produced must be completely documented before use like this. Meaning that a company that makes Software product Y must prove that it works 100% of the time with OS Whatever version blah, and the same is true for hardware updates. Every interaction that can be thought of should be tested. And the company that produced the product is liable for whatever use it gets.
So, if a hospital updates to SP2 and the EKG machine crashes and kills someone, guess who is at fault? It's not the hospital.
I work in the Notwork&Suckurity-Department of a 10k-employees, 13-hospitals, employer.
Normally, medically important systems MUST NOT be connected to any notwork. This is good practice, and reduces the impact of your average exploit by around 99.(much 9s) percent.
The problem, though, is that all those great gadgets (and they're seen as such by the medical stuff) are even more sexy when you can get at their data remotely. Which is why we're pressured into connecting them to, at least, the infernal notwork.
And those "sexy" reasons are usually medically important, too, like, for example, looking at blood analysis data whilst having the patient open, surgically.
Add interdependencies that are so that you CAN NOT just build (n) gazillion networks, they all have to be interconnected in some way. And that way's called TCP/IP, alas. Add to that the need for suppliers to have remote access for support work, and you have those systems connected to the Big Bad 'net.
And don't forget that the actual apps are developed in controlled, isolated, environments, and you can imagine that RPC-like communications are "secure" by comparison, so you won't have any luck with port-/IP-based firewalling, either.
That battle's lost, frankly. The next big worm'll show that. The argument always goes like "with this $gadget active (read: connected to the notwork) we could've saved $patients life". And, like it or not, that's a real-life KILLER argument. And you don't want to be the killer (BTDT).
on the linked page, it says eCos is not related to linux. You flip a page to the "about eCos" page, it says it runs under linux or windows.
guess I'll just say "huh?" and move on......
Configuration Management means:
- controlling the Configuration of equipment, in order to ensure consistent behavior.
Unfortunately, Configuration Management often does not take into account the fact that when you put a system on a network, it becomes part of a larger system, and unless you manage the entire network of systems, then you cannot really control your conditions, nor can you ensure consistent behavior.
This needs to be taken into account as a basic "sky is blue" assumption of Configuration Management.
Sadly, it is not.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
I've developed products that use Microsoft Windows as an embedded operating system. If reliability is an issue, there is only one way to deploy Windows: treat the computing device as a specialized instrument, not as a general purpose computer. ANY changes to hardware and software cannot be tolerated!
The existence of malicious software (such as viruses, worms, and so forth) complicates this idea, but not by much. What it means is that if the computing device is connected to a network, then this network must be a closed, tightly controlled circuit. For idiots: it is because the malicious software may modify the "instrument."
The network could be a small handful of medical devices, each of which is treated as an instrument, not as a general purpose computer. Installing e-mail clients, web browsers, or Powerpoint is not allowed!
Attaching an office PC to the network is definitely not allowed!
If this simple rule is followed, then Microsoft's patches will not be an urgent matter. If this rule is NOT followed, then no amount of patching will make the instrument reliable. Hilarity will NOT ensue.
If GE Medical does not understand this, if the hospital does not understand this, then NEITHER entity should be in the health care business.
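The rule in the comment above (a closed network of instruments, no mail or web clients, no office PC attached) can be checked against flow records. This is an added example, not part of the original post; the segment address, instrument inventory and flow-log format are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict, namedtuple

# Assumed layout: one closed segment that holds only inventoried instruments.
SEGMENT = ipaddress.ip_network("10.20.30.0/24")
INSTRUMENTS = {
    "10.20.30.10": "ct-console",
    "10.20.30.11": "dicom-printer",
    "10.20.30.12": "image-archive",
}
# Services the rule excludes on an instrument: mail and web clients.
GENERAL_PURPOSE_PORTS = {25: "smtp", 80: "http", 110: "pop3", 143: "imap", 443: "https"}

# Constructed flow log, one record per line: "src dst dst_port proto".
SAMPLE_FLOWS = """\
10.20.30.10 10.20.30.12 104 tcp
10.20.30.11 10.20.30.12 104 tcp
10.20.30.10 192.0.2.25 25 tcp
10.20.30.57 10.20.30.12 445 tcp
198.51.100.7 10.20.30.10 3389 tcp
10.20.30.12 203.0.113.80 80 tcp
this line is malformed
"""

Flow = namedtuple("Flow", "src dst port proto")


def parse_flows(text):
    """Return (flows, rejected_lines); a record that does not parse is kept for review."""
    flows, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split()
        try:
            if len(parts) != 4:
                raise ValueError("expected 4 fields")
            port = int(parts[2])
            if not 0 < port < 65536:
                raise ValueError("port out of range")
            flows.append(Flow(ipaddress.ip_address(parts[0]),
                              ipaddress.ip_address(parts[1]),
                              port, parts[3].lower()))
        except ValueError:
            rejected.append(line)
    return flows, rejected


def classify(flow):
    """Return the (kind, detail) findings that one flow raises against the rule."""
    findings = []
    src_in, dst_in = flow.src in SEGMENT, flow.dst in SEGMENT
    if not (src_in or dst_in):
        return findings  # traffic that never touches the instrument segment
    # A host inside the segment that is not an inventoried instrument,
    # for example an office PC plugged into the instrument switch.
    for ip, inside in ((flow.src, src_in), (flow.dst, dst_in)):
        if inside and str(ip) not in INSTRUMENTS:
            findings.append(("uninventoried-host", str(ip)))
    # One endpoint inside and one outside: the circuit is not closed.
    if src_in != dst_in:
        outside = flow.dst if src_in else flow.src
        findings.append(("segment-not-closed", str(outside)))
    # An instrument acting as a mail or web client.
    if str(flow.src) in INSTRUMENTS and flow.port in GENERAL_PURPOSE_PORTS:
        findings.append(("general-purpose-service",
                         f"{flow.src}:{GENERAL_PURPOSE_PORTS[flow.port]}"))
    return findings


def audit(text):
    """Group findings by kind; unparsed records are reported, never dropped."""
    flows, rejected = parse_flows(text)
    report = defaultdict(set)
    for flow in flows:
        for kind, detail in classify(flow):
            report[kind].add(detail)
    if rejected:
        report["unparsed-record"].update(rejected)
    return {kind: sorted(details) for kind, details in report.items()}


if __name__ == "__main__":
    for kind, details in sorted(audit(SAMPLE_FLOWS).items()):
        print(kind, details)
```

An empty report for a capture window means the segment behaved as a closed circuit of instruments during that window; it says nothing about removable media.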
"I await the shills telling me that the extraordinary R+D costs of pharmcos justify their gouging..."
Some truth to that. However in keeping with the theme of this story. SAFETY COSTS!! From the FDA and safe drugs, to machinery that's tested second, to equipment for space. SAFETY COSTS!!
"The biggest problem we have is Windows "patches" screwing up our "clinical applications" that run on Windows PCs and the worst that will ever come out of that is some Doctor getting pissed because he has to have the nurse call the Lab and get results Faxed to him when the "computer system" as they call it is down."
Sounds to me like a space Linux could *potentially* fill.
It's really sad how ignorance doesn't stop people from posting.
The majority of you posting obviously know little or nothing about what you're talking about, here. They're talking about "medical devices" not "embedded devices".
A MySQL server, if it stores patient data, is technically a "medical device."
An abacus and a sand glass are technically a "medical device" if you use them to measure heart rate.
And Outlook, Word, PowerPoint, Easy CD Creator, Windows Media Player, Internet Explorer, Excel, IIS, and even applications built on Direct3D are all in the realm of "medical devices" when they get installed on a system that a radiologist uses.
So, the manufacturer of the system says, "Well, if you do a good job of securing your network, this system will perform as designed, as long as you don't upgrade it, or install other software on the system." And the IT department says, "Well, we can't do a good job of securing our network, so we're going to install every patch (including patches for DirectX) that Microsoft says we should, and we're not going to give the manufacturers enough time to guarantee that the device will perform as intended."
This is a world where more frames per second in examining 3D CT images saves lives, and the Slashdot crowd is aping that "M$ 5ux0r5."
This has been a real problem for a very long time in many industrial applications. And it is not limited to the OS but the box as well.
The temptation is way too great for the bean counters and greedy sales types to switch the robust hardware and OS for the commodity type and save a bundle up front.
Consider a $500 PC and a $2500 industrial PC. If you let the bean counter do the math he will tell you about the 3ghz P4, GeForce 4 100 gig hdd v. the P3 20 gig with an average video card.
Then you explain that the OS's have the same disparity in cost and he starts to get confused
I have said many times before that we have Windows not because it was best but because it was cheapest. Same with the clone PC. MS got to be the default OS because it was generally 50% of what the other OS's were.
Now when it comes to saving lives the cost should not matter, however, it is still a business. And there are still bean counters and greedy sales people who get to make some very powerful decisions.
I am a biomedical engineer at a USN&WR top 20 hospital, working in the cardiology-related departments. We do have medical devices, including patient monitors, that run in Windows OS's. One is the Witt Biomedical monitors we have in our adult cardiac cath lab. The software was originally written to run on MS-DOS and really only runs on Windows 2000 to provide a GUI for the nurses to point-n-click. It uses Windows file sharing but doesn't even utilize print services. The whole thing should have been rewritten about ten years ago but Witt already has over 25% market share and is trying to compete with the big dogs like GEMS (GE Medical Systems) and Siemens. The old Siemens Cathcor monitors we used to have ran on *nix but the brand spankin' new GEMS Combolab we got for our pediatric cath lab runs on Windows XP for the nursing stations and Windows 2003 for the servers. The Siemens Axiom Artis x-ray angiography systems in our adult cath lab run a mix of OS's, such as Windows NT (soon to be XP) on the Host-PC, Vertex on the Real Time PC, Neutrino on the Real Time Controller (the truly patient critical part), and Windows CE on touch panels and displays. Siemens will tell you all about their "revolutionary OS" called Syngo that will, to paraphrase, "provide one user interface for all imaging modalities" but it's really just running on top of Windows NT/XP. The intravascular ultrasound machine that we have, a Boston Scientific Galaxy, runs on Windows NT. Even the Kodak laser printer we have for printing on x-ray film has a DICOM server running Windows NT. All of this runs on the hospital's open network and has been disconnected for either being actively infected with a virus or for not being patched.
Now a lot of our stuff is not Windows based. Most of it I don't know what OS it does run on (perhaps proprietary information) but I can say it doesn't appear to be Windows. Philips Intellivue MP90 networked patient monitors, Datascope CS 100 intra-aortic balloon pumps, and Worldheart Novacor left ventricular assist system (think artificial heart) all have their own software. Some systems that use 3D modeling, like the Endocardial Solutions Ensite 3000 use SGI workstations and software.
Many of the CT and MRI scanners I see, patient monitors we put in, anesthesia carts we employ use non-Windows operating systems, not because Windows is considered unstable or insecure, but because medical IT is so far behind due to the years it takes to get FDA approval on new equipment. Many new systems do use Windows because it's easy to work with and easily networked. For instance, one cool new system (the company and name I don't know) allows an anesthesiologist (who monitors 3-4 CRNA's in as many OR's) to see blood gas waveforms and other vital signs on one of those little clear screens three inches in front of your eye. It uses Wi-Fi to transmit the data to a Windows embedded device in the doctor's fanny pack. It goes without saying that we have incredible signal strength on our wireless network all over the OR area; you wouldn't want a dropped connection there! All of our clinical workstations and every office computer is Windows NT or XP.
I cou
You even get this in embedded systems, where the vendor is supplying the entire system and the customer's never going to interact with the OS directly, and still the customer demands this or that particular OS. And these days that's generally Windows. It's nuts. It's like demanding you use a bubble sort instead of a shell sort. Five years ago you had customers telling you that they're glad you're not using this newfangled Windows stuff, now they're pushing Windows on you...
IAAD, and I currently make less than 150K per year as a primary care doctor. I currently owe 180K in student loans. I also have no savings to speak of thanks to my training years, and am 30 years old (already lost 7-10 years of earning potential).
People who get rich in medicine are highly specialized procedurists (surgeons, anesthesia, cardiologists) or people whose parents paid for school.
I'll never be rich...
BTW, The average primary care salary is less than 150K
Unfortunately, the stakes here could be human lives.
Of course, if they don't patch, it could be security intrusion resulting in patients dying, protected patient data being accessed, etc., anyways.
I would think that a lawyer would have fun with the hospital in that case, for essentially they will have done nothing and said, "it's the HW manufacturer's fault". Isn't that known as lack of due diligence? The suing lawyer is probably not going to add the hardware manufacturer to the lawsuit at that point. The HW manufacturer would just point their [middle] finger (and lawyers) right back at the hospital.
If that's true, then somebody is guilty of criminal negligence.
ISO 9000? That's so 20th Century...talk about yesterday's news. That corporate fad has been over for years now....
There is no God, and Dirac is his prophet.
My IBM thinkpad 22 blue screens on about every 7th or 8th boot with windows XP. Interesting code & IRQ error number is given: all 0's!! I've worked with Windows for over 10 years as admin and programmer; it's bloated unreliable garbage.
The doctors' and staffs' office computers are exactly the systems that we're talking about here, numbskull.
A "medical device" is anything used to analyze patient data, including a system that just runs IE to display a patient report with images prepared by a radiologist.
Those machines are used in an "actual medical capacity", and they're most definitely running Windows. These companies (most hospitals are companies, too - at least in the U.S.) are doing everything they can to improve health care.
And you scorn their "disregard for life," while they're actually saving lives, by developing these systems with better integration and lower cost than ever before. Better integration and lower cost means that they get used in more medical situations, at more hospitals, and save lives.
I guess asking the Slashdot crowd to understand something outside of VBS security holes in Outlook is asking too much.
I'm not sure serial cables are the best medium for transmitting digital X-rays for instance.
With 3D imaging, these images generate a lot of data. This data has to be saved somewhere, and SCSI over RS-232 was never the big thing.
Also a doctor might have to send a patient to a remote location, but still have access to the images in his own office. A dedicated network should be the goal, but it is not realistic to establish such a net over long distances.
BTW, I'm from Norway, where you could drive for miles without seeing a single MR-machine....
The two biggest problems I see in healthcare are:
"Provided by the management for your protection."
Preface: this is NOT a Microsoft/windows bash..
Why in the world are they using a desktop operating system of any kind on medical equipment?
I wouldn't care how stable it was, that doesn't belong in that market.. Embedded systems that are dedicated to the need are what should be used...
---- Booth was a patriot ----
Moron.
What if the hospital puts in Knoppix and runs MAME?
What if the hospital jokingly puts a BSOD screensaver on the system?
If the manufacturer says "DON'T CHANGE THE SOFTWARE ON THIS SYSTEM," and the hospital changes the software on the system, you still think they're not at fault?
Any ISO 9000 system carries with it usage terms. You break the terms, you're at fault. I can't heat the system to 480 degrees Celsius and still use it for healthcare precisely because the manufacturer followed ISO 9000 procedures and told the customer the exact operational range of the computer. They go outside of the usage statement, and the system is busted, even if it looks like it works. They install a security update on the computer, even when the manufacturer says not to, and the system is busted, even if it looks like it works.
Moron.
My decision is decoupled from actual cost when I use health insurance...I should have to pay a monotonic proportion of the true cost of the medical procedure so that I am inclined to make more cost effective choices
If you know a way of choosing not to become ill that is effective, then please share it with us.
If I find out that someone close to me died in a hospital while attached to a Windows-based system, I will sue the hospital for using Windows, and the manufacturer, and Microsoft. The point isn't about attacking Microsoft. Embedded systems should not be built on top of an OS that is designed for end-users who don't need fault tolerance.
I wouldn't build the devices with most Linux distros either. It's not about a religious war of Linux vs. Windows. Microsoft has never put reliability first on their list of features. It is much higher on their list than it used to be, and they have improved a lot. But Windows is not an embedded OS.
I have routinely run Windows XP for several months at a time without a single issue, the machine that I am testing the Windows XP SP 2 patch on was on for 89 days (according to the network connection status) before I rebooted to ghost the drive.
Most Windows 2000 and later issues that I have run into were hardware issues. Many cases linked to bad device drivers.
Would I run Windows XP on a medical device, probably not, I would consider Windows XP embedded, and left the firewall on by default.
I know that you're well intentioned, and I know that you believe what you're saying, but you're so completely ignorant that it's painful to read your opinion.
Doctors have to diagnose patients as fast as possible to save their lives. Diagnosis often means reading medical images, and in that realm more frames per second with higher quality images saves lives. And that means Windows, as every game developer will tell you.
Also, Microsoft just spent a BILLION dollars developing SP2 for security, and you think GE can compete with that?
You think anyone can compete with that?
you want another example that doesn't just endanger a few lives for GOBS of them?? the Water Filtration Plant I worked at, the plant superintendent was so self serving and a complete moron that he demanded the new computerized operation and management systems be connected to the main network with internet access. This system controls the chemical dosing of the drinking water as well as pumping rates, valve control, etc.... one hacker or carefully written worm can easily infiltrate it to injure tens of thousands, cause major damage to the city's water supply (Hmm, turn all main pumps on and overpressure the entire system until you have ruptures.)
Why? because the idiot wanted to use pc anywhere to SPY on the employees. the only valid reason... it has no reason to be connected to ANY network yet this fool demanded that it would be.
and that water plant is not the only one with incompetent management making decisions.... How many other drinking water systems are horribly insecure because of PHB's???
to hell with a MRI machine that can only injure/kill one at a time...
Do not look at laser with remaining good eye.
((so sorry ... ))
The story caption noted that lives were at risk, a doctors office PC having to be rebooted wouldn't cause lives to be at risk.. Sooooo going under that assumption is how I came to the conclusion we were discussing actual MEDICAL equipment..
Regardless of your twisted ( and incorrect, as that would be considered OFFICE equipment ) definition..
So nice try..
---- Booth was a patriot ----
Do you separate your network into small pieces that are firewalled off to keep worms from spreading? I know Cerner runs on *nix backends (aside from the idiotic chart servers and some Windows app servers), and so can be used as a barrier to worms while still allowing an entire network to access it. We are looking into segregating our network into small pieces and additionally securing medical devices. I'd be interested to hear what sort of infrastructure you use.
This is the typical patch vs. crash problem. Unfortunately, the stakes here could be human lives.
If human lives are the stakes, why are they betting on Windows?
This is what I don't get. For all their complaints about Windows, why won't someone -- anyone -- choose the alternatives? Just shut up and do your job properly. If your employees can't code for any system other than Windows, fire them and find those who can. It's not like the life support must be compatible with Solitaire, anyway.
"It's stable to keep your condition stable."
I am in the middle of the largest medical center which has departments in the top 10 US News and World Reports. The IT system that everyone uses is, however, completely windows based. The systems we use to access patient labs, reports, etc are Windows based. Windows users, but not mac or linux users, can access the data from home/office using VPN technology. I can see MRI, CT, and radiology online but I am unable to look for the scans by anything other than those that are patient related - looking for scans I ordered or having a patient list for me is too complicated for these systems. Lab systems are the same way. Incredible, there are no functions like tell me what labs are new, tell me my patient labs, how about a screen with all of today's labs.
As you can see, we are way behind in using computer technology. They will wake up to the benefits of different type of systems about 10 years from now.
Over the last 10 years, everyone's become accustomed to Windows. Everyone has Windows. Once everyone got Windows, they wouldn't use anything that didn't work on Windows. So, vendors began migrating everything to Windows. (I used to work for a software company and now work at a hospital). So now, all the vendor's software runs on Windows, and probably runs just fine... provided the Windows version remains the same as the one it was tested on, no patches are applied, and no other apps are installed onto the same machine. But, users are used to running everything they want on Windows. That, after all, is the point of Windows. Plus, Windows is way cheaper than other options. Not to mention training. So, we're stuck with Windows apps, and there's really no cheaper alternative out there. This would be fine and dandy, if the only problems with Windows were worms and viruses. But no, like regular windows, Windows breaks really, really easily.
Even the few vendors I've seen who have balls enough to release a Linux version of their software are tied to specific distributions, specific kernels, etc.
"Would it kill you to put down the toilet seat?" -- Maya Angelou
The real problem is not all about patching. Many of these medical devices that rely on Windows are running on default installs. It is nearly impossible to keep a machine with a default install of Windows from getting a worm or virus when attached to a large enterprise network. Worms travel too quickly. Vendors and IT shops are blindly applying patches without testing them.
If the folks building these machines would take the time to turn off unnecessary services, and do some basic hardening (there are several excellent hardening guidelines for Windows available from SANS, NIST, and other places) many of the worms would not be as big a problem. Couple this with some firewalling, IDS, and logical network segregation (as mentioned in the article) and the patches become less relevant.
I work at a hospital and am working with teams developing FDA-compliant medical device software (much to my chagrin they are using Windows). The server build they have developed has been deployed in "the wild" for a couple of years without MS patches and without infection. Why? Because they are only listening on one port and have taken the time to disable a bunch of unnecessary stuff.
We need to change the way we look at security flaws and build the machines right in the first place. We can't rely on patches as the sole means of securing systems from every worm that comes along -- especially not when the systems are providing medical care!
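The "listening on one port" posture described in the comment above can be checked mechanically. The following is an added example, not code from the thread or from any vendor: it parses Windows `netstat -ano` output and reports every network-reachable listener outside an allowed baseline. The sample output is constructed, and the baseline of TCP port 104 (the standard DICOM port) is an assumption chosen for illustration.

```python
import ipaddress
from typing import NamedTuple

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
# Addresses use the 192.0.2.0/24 documentation range.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:104         0.0.0.0:0              LISTENING       2212
  TCP    127.0.0.1:1026         0.0.0.0:0              LISTENING       1200
  TCP    192.0.2.10:104         192.0.2.77:49211       ESTABLISHED     2212
  TCP    [::]:3389              [::]:0                 LISTENING       1020
  UDP    0.0.0.0:1434           *:*                                    1500
"""

# Assumed baseline for this example: the device should expose one service only.
ALLOWED = {("TCP", 104)}


class Listener(NamedTuple):
    proto: str
    address: str
    port: int
    pid: int


def split_endpoint(endpoint):
    """Split '0.0.0.0:135' or '[::]:3389' into (address, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def parse_listeners(netstat_text):
    """Return every TCP socket in LISTENING state and every bound UDP socket."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip blank lines, the banner and the column header.
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue
        proto = fields[0]
        # TCP rows are: Proto Local Foreign State PID. UDP rows have no State.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        address, port = split_endpoint(fields[1])
        listeners.append(Listener(proto, address, port, int(fields[-1])))
    return listeners


def is_network_reachable(address):
    """A socket bound only to loopback cannot be reached from the LAN."""
    bare = address.split("%")[0]  # drop an IPv6 zone id such as %4
    return not ipaddress.ip_address(bare).is_loopback


def audit(netstat_text, allowed):
    """Return network-reachable listeners that are not in the allowed baseline."""
    return [
        l for l in parse_listeners(netstat_text)
        if is_network_reachable(l.address) and (l.proto, l.port) not in allowed
    ]


if __name__ == "__main__":
    for finding in audit(SAMPLE_NETSTAT, ALLOWED):
        print(f"unexpected {finding.proto} listener on "
              f"{finding.address}:{finding.port} (PID {finding.pid})")
```

Run against a hardened build, `audit` should return an empty list; each finding is a service to disable or to firewall at the device's network boundary.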
Seriously, is the REAL problem the OS? I think the REAL problem is insecure networks. Let's think for a second about all of the Windows/IE vulnerabilities in the past several months... how many of them matter if you're not connected to a network? Windows 2000/XP in my experience has been quite good, and when properly maintained (ie: no junk installed), provides a very stable platform. No one should be "surfing the web" from the deliberation machine, nor can I really see why it would need a serious network interface.... Let alone access anything on the internet! I think what hospitals REALLY need are security experts to take a good long hard look at their network and decide what SHOULD, and what SHOULDN'T be on the LAN... and if some level of network connectivity is needed (ie: the ability to monitor equipment from across the hospital), this should be on a totally separate VLAN with NO access to the internet.... Internal routing only, no exceptions. Computers connected to this LAN wouldn't have removable media bays, so the threat of worms, etc should be mitigated by general inaccessibility.
I know everyone on Slashdot would LOVE to blame the OS, but really... the fault is not with the OS as much as it is the networking admins, and even more likely, the administration for not providing the NAs with the support they need to make a properly secure network.
I'm the A.C., and I actually work in the healthcare industry. And I owned a 1200 baud modem, and I ran a FIDO node. (I actually painted some pretty mean ANSI graphics, too.)
I work with the very desktop systems that are being discussed, and I can tell you for a fact that a serial port is so far from the realm of the topic of discussion as to be a complete non sequitur. The system I work with gets about 15 GB an hour of data. Still thinking RS-232 is the solution? Thanks, play again. The system I work with gets data from machines that are feet away, all the way to thousands of miles away. Still thinking RS-232 is the solution? I work in a situation where life and death is the difference between 20 frames per second of rendered four-dimensional (time is a dimension, thanks) medical images, and 30 frames per second. You still want me to use Mesa instead of DirectX? I work with a system where 4 GB of RAM isn't enough, and a 256 MB video card barely chugs along, and you're talking to me about BBS's? I actually save peoples' lives with the software that I write, and I tell you that someone who thinks that running TCP/IP over a serial port is more SECURE than running TCP/IP over ethernet is out of their fucking minds.
Do you really want to argue this with me?
What industry do you work in?
Trust me: I place my left hand in the air, towards God, and my right hand over my heart - you are most definitely the troll in this conversation.
Now, pretend for an instant that your job depended on making life and death decisions, and that you can't save everyone. With me so far, junior? You're in triage, and people die. Now, someone who has 0% chance of living dies, and his folks and wife aren't too pleased, so they hire some scumbag lawyer to steal money from the doctors who did everything that they could to save his life. Said scumbag lawyer searches the internet for posts made by employees of the public companies whose systems were used, and comes across your arguments on Slashdot, if you don't post anonymously.
I have an actual, valid reason for posting anonymously, and I'm actually engaging you in your treasured dialog, where you're obviously only interested in trolling because you presume that because you know something about technology, you therefore know everything about how technology is used in every situation, prima facie.
Bullshit.
Show me your open source source code for the medical device that you develop from scratch, or shut the hell up, troll.
Now, I'm willing to acknowledge that you write well, and you may be well-informed and well-considered on a variety of topics, but believe me, you are not acting like it in this discussion.
Why is my ire so raised? Why am I cursing and stomping around? Because the hospitals are essentially killing people, when they install software that a vendor tells them not to. And they do it all the time.
So, then the Slashdot crowd gets ahold of it, and criticizes me and my colleagues for using the most popular desktop operating system in the world to host a desktop application in a situation where everyone is screaming for lower cost and better integration, and the IS department says "if it's not Windows, we're not buying it," and the posters here rant and rave like maniacs about class action lawsuits and murder.
Thanks, Slashdot. And thanks, ultranova.
I guess in the future you can call me "Eats Babies," if that's the opinion you still hold of the work that I do, the passion that I show about improving healthcare, and the fact that I took the time to respond to your obvious trolling.
-Eats Babies
The monitors at my hospital's cardiac care unit run on Windows NT 4. Only seen it boot up once though, and that was after a power glitch - no one thought to put a UPS on it.
Some blood analysers also run on Windows NT; the blood gas analysers I use run windows (I think it might even be win2k but I can't remember). I sometimes feel a bit twitched when I've got an irreplaceable sample in my hand, and due to difficulty in obtaining it, only have enough blood for one go.
Fortunately, on all the monitoring systems I've seen, they all have their individual private LANs with no external access. It might limit transfer of data, but at least it stops the equipment from getting 0wned by worms.
Of course Medical Systems will run on Windows. While I dislike the realities of it, Windows systems are cheap. 1. As review workstations: Common programs are easily assembled (think PDFs for reporting, and email clients for sending them) from parts people are familiar with. 2. The server infrastructure: Large-end servers are needed to store medical images (think XRAY (JPEG & TIFF) and Transcription (WAV, RIFF)). These servers are built on Windows based Oracle and M$$QL. Makes sense to me: Cheap. Then the company can charge more for "Enterprise" level equipment on Sun and Linux boxes. These pieces would not need to be embedded. Hell, even the "Embedded-like" devices such as XRay, MRI, CT use common flavors... Sun, *nix and Windows...
-Promethyl
There is a good response in here.
~S
Medical device manufacturers may be required by law to do months of testing before their systems can be modified.
A long time ago (more than long enough to forget, or muddle the information), I did some research comparing ISO 9000 quality standards with FDA part (whatever it is) dealing with certification of devices for medical use.
Along with myriad QA requirements that would choke a fortune 500 company, one of the things you have to do to be licensed is certify any and every vendor on whom your device depends. This puts many companies in the position of having to certify that Microsoft's operating systems are reliable enough for medical applications in order to ever ship a product.
To me, it was a laughable yet frightening circumstance at the time, as I wouldn't have certified Windows of the era to be suited for any purpose at all, much less critical medical applications.
So the point is, those manufacturers may be required to do full testing on any change to their vendor's code in order to retain their certification.
All of this may be total nonsense by now, these many years later - there may even be some who say it was never true. To those folks, I say - I read the specifications myself, and interpreted them to the best of my ability. Did you? Just because many people accepted the use of MS software in these applications doesn't mean the actual requirements weren't swept under the rug with a wink and a nudge. After all, what else were they going to use?
1. Most of the older gear runs on Unix or DOS. Most of the Cat Scan machines we have are running on Unix, Most of the ultrasounds are running Windows XP Embedded or DOS, MRI's used to be all Unix, but the new one is XP... :(
It appears that it is mainly vendor specific, most of the new gear we have purchased over the last 3 months has been WinXP, the stuff older than that has been Unix, but it all depends on the Vendor.
However the problem is more often than not related to the "other" boxes on the network provided by the suppliers... ie Webservers, Compression Servers, etc... all running NT to 2003, and in most cases unsecured and without recent patches... thankfully 99% are run internally.
2. We have had cases of systems not being patched for 3-6 months after the MS Patch was released. Even though my end of the WAN is secured and port blocking etc etc etc... the other end of the network is not, and thus I never stop seeing problems in the rest of the network, usually related to these bits of hardware.
As I read the parent post, I swear I could hear "Hail to the Chief" playing in my head.
Oh, and to the grand parent . . FUCKING OWNED. "omfg serial port web lololo!!!!11111"
newb.
--Former sysop, rochester NY
Add your own BSOD joke here...
That's the last time I run code posted in somebody's sig...
Every wrong decision requires corrective actions to take place, that may be much more uncomfortable and more expensive. That's why good decisions should be made with long-term view.
It looks like the medical personnel believe patching is the only way to stop the consequences of the wrong decision that has been plaguing them, while the device manufacturers believe delaying the patch will prolong the wrong decision from becoming worse.
I would say for the short-term, use the band-aid solution of patching and solve any problems that arise from patching. For the long-term, let the manufacturer develop with the right platform. But let both the hospital and the manufacturer be liable for any problems arising with patching.
Anyway they decide, it will be expensive and uncomfortable, because of the fundamental problem of the wrong choice.
That's not what he is getting at. The point is that there are usually multiple treatment options of varying effectiveness. Right now there is almost no price competition in medical care since the decision maker faces absolutely no price pressure at all. Let's say your ingrown toenail gets infected and you go to the doctor. There are many different antibiotics he might prescribe you, some more expensive than others. And you may or may not elect to have him/her remove the toe nail. All I'm saying is that there should be some benefit for the patient to choose lower cost treatments. Obviously in certain situations they will be willing to pay marginally more for the higher cost treatment if it is truly worth it. The financial "test" doesn't have to be big, just enough to get patients to consider alternatives.
----- Question authority, but not ours. Hate the man, but we're not him.
talk about the blue screen of death!! HAH i made a funny
"The program has performed an illegal operation and the patient will be shutdown"
Without reading all the responses and to restate the obvious in all likelihood, Windows should not be used in any mission critical environment let alone a potential life threatening one. Microsoft has gone so far as to spell this out in their EULA, which has included this language since Win 3.0 days at least. To that end Microsoft has been honest and up front as well as covering their ass from liability. Those who build such systems upon this platform therefore assume that liability, perhaps in their foolishness.
The comments that have been made about QNX and other embedded OSes are very valid, but in the meantime... why open yourselves up to problems by leaving systems with known security issues on a network, especially when you don't have the option of patching them?
I'm serious here -- I really would like to know why such an obvious step hasn't been taken.
What if a vendor has the following standards in place:
- The server is not to be used for web browsing
- The server does not have Windows Media Player Installed
- Outlook is not to be used on the servers
If that was the case, wouldn't it be OK for those vendors to say that a particular patch is NOT approved if it could only be exploited if any of the above rules were broken? For example a patch that could only be exploited if a user visits a malicious web site. Quite a few patches fall under this rule. If the server is never used to browse the internet, this patch is technically not applicable to that machine.
That said, someone could do an audit and find quite a few missing patches. It would turn out that the hospital really does have valid reasons for not installing the patches, such as those mentioned above.
Damn, this gives new meaning to our favorite blue screen.
Ok, so you're saying that top-of-line consumer hardware isn't enough... but yet you want to use Windows? And you're making it sound like you have workhorse systems that an emergency room relies on, shit, is practically built around... but it's stuff that's only very recently become availible.
This just doesn't smell right. Yes, you may have a lot of data. Yes, you may have high horsepower needs. Yes it may be mission-critical.
But it has to run on Windows?
Gimme a fucking break. That makes no sense. Anything other than Windows XP or Server 2003 probably can't even use all that hardware effectively. And it sure as fuck doesn't provide the kinda uptime you're raving about here.
Not to mention posting AC is a sure way to peg anyone's bullshit meter. Grow a pair & post as yourself if you're telling the truth (which I doubt). This whole thing just smells bad.
I am surprised that it was not pointed out to the hospitals with the warning of inevitable negligence lawsuits (if the manufacturer specifically points it out as being unsafe to use for that purpose how can any end user in their right mind take responsibility for the code).
Gives BSOD new meaning (auto reboot is just MS-BS), I don't mind using the toy OS to play computer games but I certainly would not want my life dependent on it.
Chaos - everything, everywhere, everywhen
Isn't that the business of hospitals? Patching and crashing the human body?
Doesn't the Windoze EULA explicitly prohibit using windoze in any life-support equipment?
What kind of an irresponsible prat would base any kind of medical system on a MS product?
This brings new literal depth to the phrase "Blue Screen of Death", now accompanied with music. BEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEP.
This all goes into the Shadow Government's plan, after all. Microsoft has been hired by the Shadow Government to be able to selectively kill anyone in hospitals, including those silly "left wing" radicals (like me) and anyone who disagrees with President Buush (like Michael Moore and 70+% of the nation). It can conveniently be explained away by a software glitch, and no one would be the wiser. Watch out, CIA contract assassins, your jobs may be in jeopardy! :D
"A Goddess rarely smiles for she is forced by others to be an island unto herself." - Zephiris
That they're using unpatched insecure/unstable software, or the fact they want to install untested patches?
Patches would be just fine if it could be verified that they ONLY affect the one issue and don't mess with other things, you can't prove this with closed source microsoft patches and they have proven time and time again that they affect other subsystems in their patching.
Any hardware which can endanger human life should be running very thoroughly tested embedded OS's supporting only the minimal set of features required for the task, communication with other hardware kept to the absolute minimum required. I don't want a web browser on my life support machine, i don't want a fully featured os, i just want a machine that keeps me alive and doesn't do anything else which might endanger my life. And doesn't have any entrance points where someone hostile may break in and kill me.
This doesn't just apply to medical hardware, i would consider vehicle/aircraft control systems and guided missile systems etc, to be just as important.. The ECU on my car is in computing terms very simple, and only controls and monitors the engine.. I don't want it to run a full featured os, i like the fact it has a diagnostics port locked away under the hood and doesn't use wireless networking for instance...
Think of a world where your car "convenience", people could walk around a car park with a laptop.. look for your car, break in and do all kinds of nasty things.. And if it were to crash at 150mph on the highway, well then you're fucked.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
And who said plausible deniability was dead?
I would have thought that the actual control computer was really down to you. It is a black box, and the operating system should be invisible to the operators. If it is a diagnostic machine, sure, you may have pretty little user interfaces running on whatever workstation you want, but there are very good reasons why the control logic should run somewhere else.
See my journal, I write things there
...and can safely say that you're an idiot or a troll. i can't be bothered going into the *massive* depth of our testing, and it's going to be beyond your comprehension anyway, but suffice to say that it's deeper and more thorough than *any* industry. your assumptions are wrong, bad and stupid. the end.
...it doesn't cover using the media as a frisbee either, but that doesn't stop some enterprising company making an XP-disk-frisbee kit and marketing it - and guaranteeing that it works.
W2K SP3, XP SP1 violate HIPAA. Don't believe me? Look at the EULA, it grants third party access to any and all data and programs.
Any and all hospitals or health care providers that knowingly use MS Windows are setting themselves up for either gross negligence or willful negligence lawsuits. Furthermore, on the technical side, for life-critical systems something stable like QNX would be best practice.
The U Toronto conference back in May on Open Source and Free Software covered many of these issues on the morning of the last day. Unfortunately, the medical session is not archived, but could probably be if there is enough interest.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
There is a case for cross-platform tools at the moment too. It is a case of mobility. Most doctors like to be able to review a patient's case online and advise on the phone when necessary. Many vendors provide web pages and applets for this but they often end up very unergonomic. But since the need is often information retrieval rather than data entry, they are accepted in the absence of the better alternative. XAML, XUL and J# browser controls may improve the situation.
Personally, I don't think the issue here is tools, it is design.
Separation of concerns as promoted by technologies like XAML and XUL is a Good Thing, but it doesn't amount to having good design. In fact to the degree it leads people to think that a good design can be bolted on to an application SoC is a Bad Thing.
RAD tools tend to produce mediocre results quickly. Since this is better than most outfits can manage on their own, RAD tools are a Good Thing. To the degree that some people need excellent user interfaces, RAD tools are a Bad Thing.
I've spent many years creating systems with bad, or mediocre user interfaces, some with RAD tools, some without. In general, they have been Good Enough. However, every so often there comes a problem that demands an excellent user interface. It's easy to tell when you need an excellent user interface: you get a nasty feeling in the pit of your stomach when you contemplate the characteristics of the user vs. what the system is supposed to accomplish. Here is what I have learned from dealing with those situations.
An excellent user interface has to balance competing interests. It's like designing a race car. The car must be extremely light so that it can accelerate quickly. It must also be stiff so the driver can control it and strong to protect him in a crash. The concerns of lightness and strength oppose each other, so the designer must make tradeoffs, using his knowledge of physics and racing to save weight where strength is less critical, and sacrificing weight where strength is more important. That is the essence of design: making shrewd decisions.
A mediocre interface is easy: you build a database design (for example) and you basically make the user manage the updates to the tables you have created. There is room for screwing up, for example creating visual noise by failing to balance whitespace or using color or fonts in a way that is distracting. This kind of screw up is easy to fix with SoC. However, there is very little room for improvement. I think this is why MVC is so seldom worth the trouble. It solves an impedance mismatch between task and state, but most applications have such crude models of the task they hardly justify such elegant engineering. They are better done quickly and set aside.
In designing an excellent user interface, you have to balance speed and convenience (lightness) against the accurate and precise manipulation of information (strength). In very demanding interfaces, you have to marry the normal and exceptional task flows to things like database table updates that reflect an alternate organization of reality that may have little meaning or significance to users (unless they ever happen to be wrong!). It amounts to managing two separate, complex domains that interact with each other in complicated ways. Neither of these domains can be perfectly stereotyped (e.g. invoice/detail), although it is conceivable something like a design pattern cookbook could be created.
In a highly task centric user interface, there is always room for improvement.
SoC is a kind of best practice, and technologies like XUL that promote it are in themselves a Good Thing. However, it is best practice in a very narrow aspect of system and user interface design, and to the degree people treat it as a comprehensive solution to the problem of user interfaces (e.g. the concept of a bolted on interface) it can lead to harmful design practices. Separation is an imperat
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
> "Patching Off-the-Shelf Software Used in Medical Information Systems."
Also Known as POSSUM-IS... interesting acronym, and strangely fitting for the existing "security" -- play dead instead of taking responsibility for security (BTW, Yes, I work in a hospital with Philips & GE equipment).
I assisted in administrating an AIX box that was used for patient records (the type of thing that people assume is being kept confidential). The vendor's documentation (from a leading vendor in health care software at the time) stated that the NFS daemon must be turned on. Since there were no NFS clients and the software did not seem to use NFS at all, I questioned the vendor about it. The tech explained that portmapper is used by their software and that running the NFS daemon is the easiest way to confirm that portmapper is properly running. Also, it was explained that if the NFS daemon is not running then we would not be in compliance for vendor support. The tech continued on to convince my supervisor that an NFS daemon should be kept running 24x7, not just during support calls. When I recommended that the hospital consider alternative vendors, I was informed that the others were even worse.
So, now the government is involved with regulations that these additional services that were not really needed to be running in the first place are regularly patched. I'm glad to see that they finally decided to get involved. And the health care software vendors want to complain about this?
Btw, anyone want to hear about how the vendor argued that FTP is just as secure as SCP for transfer of unencrypted confidential information?
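Editor's added example, not part of the post above and not the vendor's tooling: the portmapper can be confirmed directly from its own registration table (the output of `rpcinfo -p`) without keeping an NFS daemon running. The sample output is constructed, and program number 536870913 is a hypothetical stand-in for the vendor application's RPC program.

```python
from collections import defaultdict

# Well-known ONC RPC program numbers.
PORTMAPPER = 100000
NFS_FAMILY = {100003: "nfs", 100005: "mountd", 100021: "nlockmgr", 100024: "status"}

# Constructed sample in the format printed by `rpcinfo -p`.
# 536870913 is a hypothetical vendor program with no service name registered.
SAMPLE = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    1   udp  32780  mountd
 536870913    1   tcp  40001
"""

def parse_rpcinfo(text):
    """Return {program_number: {(proto, port), ...}} from `rpcinfo -p` output."""
    table = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        # Skip the header, blank lines and anything that is not a registration row.
        if len(fields) < 4 or not fields[0].isdigit():
            continue
        program, _vers, proto, port = fields[:4]
        table[int(program)].add((proto, int(port)))
    return dict(table)

def audit(text, required_programs):
    """Report portmapper status, missing required programs and unneeded NFS services."""
    table = parse_rpcinfo(text)
    return {
        "portmapper_up": PORTMAPPER in table,
        "missing": sorted(p for p in required_programs if p not in table),
        "unneeded_nfs": sorted(
            name for prog, name in NFS_FAMILY.items()
            if prog in table and prog not in required_programs
        ),
    }

if __name__ == "__main__":
    print(audit(SAMPLE, required_programs={PORTMAPPER, 536870913}))
```

Any answer from `rpcinfo -p` already shows the portmapper is up; the `unneeded_nfs` list is what is left listening only to satisfy the support requirement.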
When computerized tomography first came out, it had many problems. The most important (in my opinion) was the presence of "mathematical (or imaging) artifacts" in the computed image which did not represent actual tissue or body structure. Over many years, these problems were overcome. The history is rather interesting. (People in the UK do not understand the word "rather".)
One of the principal people who solved the artifact problem was Kennan T. Smith from Oregon State University. He was a mathematician who worked with physicians (e.g. Erik L. Ritman) on problems in tomography. Smith was already very well known for work such as that on functional completion and on Bessel potentials with Aronszajn. To give you an idea about his publications, consider
"Reconstruction of objects from radiographs and the location of brain tumors." Proc. Nat. Acad. Sci. U.S.A. 71 (1974), 4884--4886. (authors: Guenther, R. B.; Kerber, C. W.; Killian, E. K.; Smith, K. T.; Wagner, S. L.). He is largely responsible for the strong tomography group at Oregon State. (He died about two years ago.)
On to the story (as told to me by KT Smith, Don Solmon and others): Smith would look at the images produced by CT machines (at the University of Oregon, I believe) and try to relate these to the mathematics of tomography. He would publish a paper on mathematically equivalent (to the "standard") reconstruction formulas which did not produce these artifacts. Magically and without any mention or attribution to Smith or his colleagues, this type of artifact would disappear from all of the commercial CT machines a few months later. This happened several times.
My point is that two mathematically equivalent formulas may not produce the same CT image. On infinite precision computers, the images should be the same but on actual machines (with "machine epsilon", roundoff errors, etc.), they were not the same and a lot of work by Smith, Solmon, Guenther, Natterer and others went into finding formulas which eliminated artifacts. I find the comment
"In MRI, the raw output is in frequency domain and typically a Fast Fourier Transform is needed to bring it to spatial terms."
by SimoM (30771) to be so simplistic as to be misleading. I am sure that readers here know about the limited precision of computers but I suspect that they are not aware that this can make an important difference in some (medical) cases. (What is that spot on the image? Either cancer or an artifact; don't worry about it.)
Am I qualified to criticize SimoM (30771)? Well, I have published research on tomography and I refereed one of Smith's last tomography papers. I know several of the researchers on this subject (e.g. Finch, Kuchment, Quinto, Solmon) and have talked with many others (e.g. Berenstein, Cheney, Kunyansky, Natterer). I received my original academic appointment because of Smith's recommendation and remained in (infrequent) contact with him over a period of 20+ years.
You have no idea what industry I am in... Anyone can make claims.. Yours are no more (or less) substantiated than mine.. So really it's pointless to continue.
---- Booth was a patriot ----