Slashdot Mirror


Fed-Up Hospitals Defy Windows Patching Rules

bingbong writes "According to Network World: 'Amid growing worries that Windows-based medical systems will endanger patients if Microsoft-issued security patches are not applied, hospitals are rebelling against restrictions from device manufacturers that have delayed or prevented such updates. Device makers such as GE Medical Systems, Philips Medical Systems and Agfa say it typically takes months to test Microsoft patches because they could break the medical systems to which they're applied. In some instances, vendors won't authorize patch updates at all.' This is the typical patch vs. crash problem. Unfortunately, the stakes here could be human lives."

45 of 705 comments

  1. Stop playing solitaire on my dialysis machine by Anonymous Coward · · Score: 5, Insightful

    Why is hospital equipment running Windows? Anyone that knows anything about embedded systems with high quality requirements knows that you stay away from large OSes. Even Linux is avoided unless you need TCP/IP, and if you don't then it's better to have a small, maybe even off-the-shelf OS. The key is to limit the testing requirements and limit changes, which are goofy to test a life support system just to have the latest and greatest IE 6 or 7 that you shouldn't even have hooked to a wide-open Internet anyway.

    1. Re:Stop playing solitaire on my dialysis machine by dekemoose · · Score: 5, Insightful

      They are running Windows for the same reason that they are connected to a network: some pinhead PHB somewhere is trying to save a buck. It's probably cheaper for them to develop on a Windows platform rather than on a proper embedded platform. Just like it's cheaper for them to put these devices on a shared network, rather than having them properly firewalled off onto their own secured environment. Follow the $$$.

    2. Re:Stop playing solitaire on my dialysis machine by Short+Circuit · · Score: 5, Interesting

      Part of the problem is that the vendors chose Windows as a development platform.

      I'm a rabid Linux user, but if I were designing equipment that held human lives in its anthropomorphic hands, I'd build it as an entirely atomic OS built from Linux or a BSD variant. And communications would be data-only, over a serial port. No network.

      In high school, a nurse from St Mary's (here in Grand Rapids, MI) was showing us screenshots of their radiation therapy machine. I recognized CDE...she didn't know what version of UNIX it ran, though.

    3. Re:Stop playing solitaire on my dialysis machine by mattOzan · · Score: 5, Insightful

      I find it hard to believe they are talking about life support machinery. No specific piece of equipment is ever mentioned, just the generic "medical devices." I'm thinking they are speaking more of hospital informatics systems, like Stentor and EpicCare. When a doctor can't read a patient's medical chart because the workstation is PWNED, or can't send an X-ray up to surgery because the router's been hijacked, that is definitely a problem; but it is somewhat less of a problem than your ventilator quitting because of a BSOD.

      Sounds like a tech-challenged reporter reporting wide-eyed about crashing "medical devices" which she doesn't really understand.

    4. Re:Stop playing solitaire on my dialysis machine by hawkestein · · Score: 4, Interesting

      On the other hand, if it just malfunctions...

      --
      -- Will quantum computers run imaginary-time operating systems?
    5. Re:Stop playing solitaire on my dialysis machine by Short+Circuit · · Score: 4, Insightful

      Crashes would be a problem.

      If it crashes, how do you know if the radiation dose was administered or not? Was it the whole dose? Was it just part of the dose? Did the machine even turn off?

      Those are awfully important questions for the doctors and radiation techs. Even more so for the cancer patient that has to go through a battery of tests to determine the effect of a software glitch.

    6. Re:Stop playing solitaire on my dialysis machine by YU+Nicks+NE+Way · · Score: 4, Informative

      Actually, there was a string of deaths due to an OS crash in a radiation therapy machine -- patients, already weak from chemo, were given several times the radiation dosage that they were prescribed. Unsurprisingly, some of them died.

      So, yes, these machines -- and, specifically, radiation therapy machines that crash -- can kill.

    7. Re:Stop playing solitaire on my dialysis machine by Tongo · · Score: 5, Interesting

      Speaking of a radiation therapy machine with software bugs.....

      This was posted to /. a while back: An Investigation of the Therac-25 Accidents

    8. Re:Stop playing solitaire on my dialysis machine by dogas · · Score: 4, Interesting

      I develop an enterprise-level hospital app at a large corporation for a living, and I had the same questions when I started.

      Hospital hardware surely does run embedded systems. However, most parts of the hospital are probably kiosks running a web-based app that controls bed management, scheduling, the financial parts, etc.

      They are running Windows for the same reason they are using IBM WebSphere for the app server instead of Apache Tomcat: liability. What happens when a patient dies because of a server crash? Who do you blame? Oh, we'll blame Microsoft or IBM for our own bugs. You don't have that luxury if you're using Tomcat and Linux. Yes, it's dirty, sleazy and nasty, but I have no control over it.

      --
      'When the going gets weird, the weird turn pro.' -HST
    9. Re:Stop playing solitaire on my dialysis machine by MindStalker · · Score: 5, Insightful

      But the point is still the same, you should run a machine with only enough code to do the job. Extra cruft is just risking "bugs" which could cost lives.

    10. Re:Stop playing solitaire on my dialysis machine by Omega1045 · · Score: 5, Informative
      Part of the problem is that the vendors chose Windows as a development platform.

      Uh, no. Do you work in the health care industry? I do as a software developer for a vendor. Don't throw the blame on us. We actually changed to Windows off of other systems because hospitals started putting PCs with Windows into their various departments. The backend for the software I work on actually runs in Unix, and we have hospitals that are thinking of going to NT only, which means we have to try to port our code to it or lose that customer.

      --

      Great ideas often receive violent opposition from mediocre minds. - Albert Einstein

    11. Re:Stop playing solitaire on my dialysis machine by FunnyBunny · · Score: 4, Insightful

      Very honestly, most of these machines couldn't "kill someone".

      Hmm, a pain pump that doesn't correctly meter the morphine could easily kill someone.

      I mean, if the radiation therapy machine crashes, nobody dies.

      Wow, you mean if the control computer crashes leaving the shutter to the Cobalt source open nobody could die? How about gamma knife overexposing the brain stem, cooking the brain stem couldn't possibly kill someone. How about a faulty homing cycle where the radiation head homes to the patient table, even if a patient is there.

      Do me a favor, don't work on human critical systems.

    12. Re:Stop playing solitaire on my dialysis machine by FFFish · · Score: 5, Insightful

      Don't be silly. The system should be based on an OS that is proven hard-core stable and real-time, like QNX, Microware OS-9/9k, etc.

      There are a ton of good OSes out there for specialty applications and, surprise!, most of them don't involve Linux! Linux is not the be-all and end-all of OSes.

      For human-life-critical applications, you should be using something that is demonstrably proven.

      --
      Don't like it? Respond with words, not karma.

    13. Re:Stop playing solitaire on my dialysis machine by Locutus · · Score: 4, Interesting

      Thanks for the link but wow. So, when Microsoft was collecting data from users' MS Word documents (over the internet, behind the users' backs, and databasing it) they were doing so without provisions and protections in their OS EULA? And they got away with just being able to say they won't do it again and that they've deleted the database....

      One thing of interest in that article is how the Microsoft exec specifically states the EULA of the SP and not the original EULA. This would be fine as long as the SP EULA states that it replaces completely the original EULA the user has been operating under and I don't know that it doesn't.

      I do know of quite a few people who refuse to upgrade to WinXP because of the EULA, and the fact that Microsoft can legally update anything on the OS without the user/admin/etc. knowing should be cause to exclude them from any financial, healthcare, public service, etc. business. After all, they are already a convicted felon. Hearing Bill Gates or Steve Ballmer/etc. saying 'trust me, we won't do xxxxxx' is meaningless. IMHO.

      Sure seems like all of these businesses would be on the high road to replace MS Windows ASAP with something they can have more control over...

      LoB

      --
      "Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
    14. Re:Stop playing solitaire on my dialysis machine by Locutus · · Score: 4, Informative
      www.macobserver.com article from 2002/10/24

      to quote:
      The text of the Microsoft EULA from Windows XP Service Pack 1 and 2000 Service Pack 3 reveals the offending material:

      By using these features, you explicitly authorize Microsoft or its designated agent to access and utilize the necessary information for updating purposes. Microsoft may use this information solely to improve our products or to provide customized services or technologies to you. Microsoft may disclose this information to others, but not in a form that personally identifies you.

      The OS Product or OS Components contain components that enable and facilitate the use of certain Internet-based services. You acknowledge and agree that Microsoft may automatically check the version of the OS Product and/or its components that you are utilizing and may provide upgrades or fixes to the OS Product that will be automatically downloaded to your computer.

      In short, this agreement gives Microsoft permission to scan your hard drive for information, "fix" security holes or other bugs via updates to your system, and while the company is there, it would effectively have access to other data on the system, which is where the conflict comes in. Better yet, the company can even let "designated agents" do this, an even more nebulous term that leaves Windows users with even less control over who is accessing their system, and what they might do when there. All of this occurs without the user's permission.

      Remember, these are the same people who faked a presentation in front of a Federal Justice and told him over and over it was fact....
      IMHO, the EULA parts that I've seen are so vague Microsoft could collect anything they want without worrying about legal action against them. After all, they are masters of vague verbiage in license agreements, are they not?

      LoB

      --
      "Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
    15. Re:Stop playing solitaire on my dialysis machine by CyberGarp · · Score: 4, Insightful

      This happened to me in a hospital:

      I was admitted for severe breathing difficulties and chest pain. This put me on the heart attack route. Turned out to be a rare form of asthma. While I sat in a bed on oxygen, I looked up to watch my heart monitor flat-line. The crash cart crew runs in with all the resuscitation equipment and my heart monitor starts beating again. They give me weird looks and examine me up and down to see that I'm doing great on the oxygen. This happens a second time. About 10 minutes later the hospital IS staff show up and examine it, and he says, "Aha, yours is set on the network to show the guy next door."

      He leaves and I hear the crash cart go whizzing by my door.

      Networked critical care systems are a bad idea--except to report to a central monitoring station. Windows is an even worse idea. Why this kind of crap is tolerated is beyond me.

      Shawn
      --

      I used to wonder what was so holy about a silent night, now I have a child.
    16. Re:Stop playing solitaire on my dialysis machine by Valar · · Score: 4, Insightful

      This is a very precise process. We are talking exposures MUCH less than a second. By the time a human operator can respond to the malfunction it is already too late. If the exposures were long enough that a human could administer them, then they would. No point in paying for a computer _and_ a tech, right?

    17. Re:Stop playing solitaire on my dialysis machine by danheskett · · Score: 4, Insightful

      Because the alternative is a lot worse, that's why.

      Imagine you are a small hospital, one with a 10 bed ICU. You have 10 patients. Can you afford to have someone near enough to each heart monitor to hear when it has an irregular heartbeat? Can you even detect a slightly altered heart-rate just by a casual listen/look every now and then? What about all the other funny instrumentation? Of course not. It would take one RN/CNA/Med. Tech per ICU patient per shift. In 3 shifts that's 30 full-time employees for a 10-bed ICU just to make sure nothing bad is happening on the monitor. That's a big staff. All of a sudden you are spending $2M a year on just nurses/assistants for your 10-bed ICU. At best you can recoup $500k of that, maybe $1M if you have a really good ratio of paying/insured/uninsured/unpaying patients.

      Imagine you are not a 10-bed ICU, but rather, a 750-bed ICU. Do the math.

      What's worse is that in your case it wasn't even likely a networking related problem, so much as it was likely that the inputs from one machine were improperly patched through to a display and monitoring unit. (I've seen the same mistake before.. when you have a patch panel it's an easy mistake to wire jack 3 to jack 5 and vice versa).

      It's not acceptable, but in reality, it's a cost of progress. The alternative to networked equipment like this is worse care. Systems must be designed to be resilient, and some manufacturers are doing a bad job. But, by and large, medical technology is among the most robust in the entire computer industry. I've seen machines that run 24-hrs a day for years on end. Machines with duty cycles in the thousands of hours.

      Networked care systems are coming, and many are here and work very well. Many many many more lives have been saved than damaged or lost by this type of technology. We need better systems, better platforms, etc - but throwing out the whole thing is absurd at this point in time.

    18. Re:Stop playing solitaire on my dialysis machine by Anonymous Coward · · Score: 5, Insightful

      They are not usually using Windows for embedded systems. They are using Windows on workstations.

      I am a clinical doctor who programs in a couple of dozen languages and environments and follows the advancement in software solutions closely. I have been involved with clinical informatics only recently, for the past couple of years, though. Allow me to explain to you some of the realities of the current health industry software. I admit I haven't sat down and structured the text well but I tried to put in as many issues as I could think of at the moment.

      The doctors want Windows or Macs. They want a familiar setup compared to what they use at home. It is very difficult to get doctors to learn a completely different paradigm. There have been documented cases where nearly all the doctors in certain institutions rose up in arms because the developers thought they knew better and tried to force a solution onto them.

      Most of the current setups are almost always heterogeneous. We buy software from multiple vendors and bridge them together. This is because there are no completely integrated solutions as yet. GE and a few others are trying to close this gap but it is a VERY difficult one. Hospital information needs are not as standard as your usual business information needs. The data processing here is often very simple but the volume and complexity of the data is overwhelming. It is not as simple as Customers and Invoices. Clinical Medicine deals a lot with relatively abstract data with complex relationships. Most doctors know these relationships intuitively but there isn't enough published literature for a software developer to draw from. Clinical software is extremely expensive to build since the requirements are hard to establish. A lot of iterations are needed to fit the software to a given practice (This never gets completed usually and people settle for close enough).

      Doctors themselves understand their needs best. A few doctors, while they don't hold CS degrees, practice design patterns or do EJB, do quite well to put together MS Access databases to solve their problems where professional software developers have not yet tread. Many times, they distribute these to their colleagues freely (Open Source if you will). Few even sell them. They may not be the best designed tools but they work. Mac's FileMaker and Linux's Total Rekall? don't exactly come close. Windows tools also have a larger number of books available to learn from.

      Platform and tool costs are trivial, developer costs are not. A study in Human Computer Interactions is very essential here. Rich user interfaces are always preferred. Non-Windows platforms don't have sufficiently advanced RAD tools. I really wanted Kylix to succeed. But I don't see any momentum behind it anymore. Veteran's Affairs Hospitals have built a remarkably physician friendly system. They are rightly proud of their constantly iterative development. They used Delphi but now that the system is stable (from a user experience standpoint) they are looking for other platforms. They looked at .NET. I heard they were trying Java now. Personally I am not sure it is the right choice for the client but we shall see.

      The loss of work hours because the software does not fit the workflow at a given hospital is far far greater than losses due to worms and viruses.

      The software should be as intuitive to use as possible. Should not require reading manuals. Hospitals always look whether the given software will slow the physician down in any way because physician time is very expensive and they rather have them seeing patients and generating revenue.

      There is a case for cross-platform tools at the moment too. It is a case of mobility. Most doctors like to be able to review a patient's case online and advise on the phone when necessary. Many vendors provide web pages and applets for this but they often end up very unergonomic. But since the need is often information retrieval rather than data entry, they are accepted in the absence of the better alt

    19. Re:Stop playing solitaire on my dialysis machine by oliphaunt · · Score: 4, Interesting

      I doubt YOU have any customers to deal with, especially with your "my way or the highway" attitude. Get back to being laid off [...]

      I work for a GPO. It's my job to write contracts for health care companies. It's a staggeringly boring occupation, but I do get to spend a lot of time thinking about what would happen if someone died because of a failure in a piece of equipment bought through one of my contracts.*

      I see a lot of EULA-style documents. You might be surprised how many software companies have simply taken the EULA from Windows98 and adopted it as their own license agreement. You might also be surprised how many suppliers are willing to offer code escrow or source code access to customers. I've certainly seen some things I never would have expected.

      But you know what surprises me the most? That some vendors don't seem to care that their slipshod implementation could result in harm to a patient. For example, I recently spoke with a sales rep from a large point-of-care software vendor. He was very very excited to tell me all about the features his web-enabled software offered, like giving me REALTIME! ACCESS! TO! PATIENT! DIAGNOSTICS! but when I asked him about security, his answer was "well, that's the customer's responsibility." The base functionality required for this app is to take a bunch of data from a handheld device over serial port, dump it into a networked database, and then provide reports from that database into a web frontend for multiple users, with a user administration tool tacked on as an afterthought. What did his application run on? IIS, and it requires IE on the client desktop. Do they SSL-encrypt traffic on the network? Of course not. Do they send patient name and ID number in cleartext along with their REALTIME!!! test results? Well, the data wouldn't be much good if you don't know who it belongs to, now would it?

      Tinfoil-hat concerns aside, healthcare organizations are now required to comply with HIPAA, and if they fail to do so, people can go to jail. If the blood lab at one of my customers' hospitals buys this software, and someone is able to plug a laptop into their network and intercept data sent by their crappy IIS application, that's a clear HIPAA breach - but who is responsible for it? It's my job to make sure my customers aren't going to federal prison as a result of a poorly informed software purchase... you can bet that they're not buying the software.

      See, you assume that the customer is always right. In fact, the customer is often wrong, either because they are ignorant, or because they are receiving some kind of incentive (read: bribe) from at least one vendor in order to influence their decisions. When you use Windows in healthcare, the "customer is always right" attitude could land your customer in federal prison.

      *(What happens? Somebody gets sued. Usually, the dead patient's family sues the doctor and/or the hospital, and potentially the vendor, and also potentially my company. If the contract is written well, the vendor is obligated to step in and indemnify the doctor, our customer, and us against any claims. The funny thing is that vendors running on Windows are NEVER NEVER NEVER willing to volunteer this indemnification - I always have to fight for it, and sometimes we just can't get it. If there's an alternative vendor who will indemnify, they usually end up winning the business, because this is such an important concern for the health care providers...)

      --
      Humpty Dumpty was pushed.

    20. Re:Stop playing solitaire on my dialysis machine by kikta · · Score: 4, Informative
      You can disable any type of back-communication to Microsoft from Windows XP in less than five minutes. And you can prove it in less than 10 minutes.

      Dude, you have no idea what an unverified binary does. You don't. Period. End of story.

      I'm all for cutting through bullshit, but don't provide your own. Go read a book or take a class on basic security before you spout off.
  2. Why do they need patching? by Anonymous Coward · · Score: 5, Insightful

    Why are they even accessible on the internet? Seems like these should be in a secure private network unlikely to be attacked.

    1. Re:Why do they need patching? by blueZhift · · Score: 5, Informative

      Let me tell you, stuff gets inside hospital networks like nobody's business! The problem is that while the outer firewall is secure, there are all sorts of ways for things to get in via individual workstations. This is especially true since many hospitals, like mine, have standardized on IE. I was literally in the process of patching a Windows 2K based acquisition PC when it got hit with Sasser! Lucky for me the patch just barely beat the infection, so I didn't have to rebuild the machine.

      Because the inside of the hospital network is so insecure, I've actually set up my own firewall around my test and development machines. One solution would be to totally cut off the hospital from the internet, but that wouldn't be very practical and would piss off a lot of doctors to boot!

    2. Re:Why do they need patching? by AKAImBatman · · Score: 5, Insightful

      Why are they even accessible on the internet? Seems like these should be in a secure private network unlikely to be attacked.

      Who said they're on the internet? Consider the following scenario:

      The Hospital PCs are connected to a primary server that backs up all data and manages the PCs.

      The Primary Server has a leased line or occasional dial-up to transfer data to a state-wide backup and update site.

      The backup and update site has firewalled internet access for a VPN to GE, and troubleshooting purposes.

      GE communicates with customers via internet email. One clerk in a backroom opens an attachment with an RPC worm. Within a half-hour the entire chain is compromised.

      Any question on why having a monosystem Windows network is a bad thing? Even ONE Unix server in there would help break the chain.
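
A small reachability model of the chain in the comment above, added here as an illustration and not part of the original thread. Host names, the port set, and the assumption that every hop is a server that does not route traffic between its neighbours are constructed for the example; the last scenario covers the inside-the-perimeter case raised elsewhere in the thread.

```python
"""Toy model: how far an RPC worm gets along a chain of trusted links."""
from collections import deque
from dataclasses import dataclass, replace

RPC_PORT = 135                       # MS-RPC endpoint mapper, standing in for "an RPC worm"
OPEN = frozenset({22, 135, 443})     # constructed: TCP ports an unfiltered link passes
NO_RPC = OPEN - {RPC_PORT}           # same link with RPC filtered out


@dataclass(frozen=True)
class Host:
    name: str
    os: str = "windows"
    patched: bool = False

    def vulnerable(self):
        # Only an unpatched Windows host can be infected by this worm.
        return self.os == "windows" and not self.patched


@dataclass(frozen=True)
class Link:
    src: str
    dst: str
    ports: frozenset


def duplex(a, b, ports=OPEN):
    """Two directed links, one each way, passing the same ports."""
    return [Link(a, b, ports), Link(b, a, ports)]


def build_chain():
    """The chain from the comment: vendor PC -> backup site -> server -> ward PCs."""
    hosts = [Host(n) for n in ("vendor-clerk-pc", "backup-site",
                               "primary-server", "ward-pc-1", "ward-pc-2")]
    links = (duplex("vendor-clerk-pc", "backup-site")      # VPN to the vendor
             + duplex("backup-site", "primary-server")     # leased line
             + duplex("primary-server", "ward-pc-1")
             + duplex("primary-server", "ward-pc-2")
             + duplex("ward-pc-1", "ward-pc-2"))           # flat ward LAN
    return hosts, links


def change_host(hosts, name, **fields):
    return [replace(h, **fields) if h.name == name else h for h in hosts]


def filter_link(links, a, b, ports):
    """Restrict both directions of the a<->b link to the given ports."""
    return [replace(l, ports=ports) if {l.src, l.dst} == {a, b} else l
            for l in links]


def spread(hosts, links, patient_zero, port=RPC_PORT):
    """Breadth-first spread: the worm only propagates from hosts it runs on."""
    by_name = {h.name: h for h in hosts}
    infected = {patient_zero}        # patient zero ran the attachment by hand
    queue = deque([patient_zero])
    while queue:
        current = queue.popleft()
        for link in links:
            if link.src != current or port not in link.ports:
                continue
            target = by_name[link.dst]
            if target.name not in infected and target.vulnerable():
                infected.add(target.name)
                queue.append(target.name)
    return infected


def scenarios():
    hosts, links = build_chain()
    filtered = filter_link(links, "backup-site", "primary-server", NO_RPC)
    return {
        "flat Windows chain":
            spread(hosts, links, "vendor-clerk-pc"),
        "backup site on Unix":
            spread(change_host(hosts, "backup-site", os="unix"),
                   links, "vendor-clerk-pc"),
        "primary server patched":
            spread(change_host(hosts, "primary-server", patched=True),
                   links, "vendor-clerk-pc"),
        "RPC filtered on leased line":
            spread(hosts, filtered, "vendor-clerk-pc"),
        "filtered, but worm starts on a ward PC":
            spread(hosts, filtered, "ward-pc-1"),
    }


if __name__ == "__main__":
    for label, infected in scenarios().items():
        print(f"{label:42s} {len(infected)} infected: {sorted(infected)}")
```

Any single break (a non-vulnerable hop, a patched hop, or a filtered link) stops the vendor-side infection short of the wards, but none of them helps once the starting point is already inside the flat ward network.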

  3. so? by Anonymous Coward · · Score: 5, Funny

    pshaw! what's a few human lives when network security is at stake?

  4. FDA? by gtrubetskoy · · Score: 4, Insightful
    ...when the FDA eight years ago began allowing off-the-shelf software in medical devices, it didn't foresee the kinds of security issues, such as computer worms, that plague networks.

    OK.... We now have the Food and Drug Administration in charge of computer security?

    1. Re:FDA? by m.h.2 · · Score: 5, Interesting

      Having spent 10 years working in the Medical Device/Biotech domain, I can tell you that the FDA really does govern these things. Unfortunately, their internal understanding of computer systems in general is frighteningly scarce. Essentially, the only body of legislation they have to go by is a small portion of a CFR (Code of Federal Regulations: 21CFR Part11) that was released in 1997, and the enforcement guidance documents that followed it. The Code is extremely ambiguous and realistically lumps "electronic documents" and "electronic signatures" together. The compliance issues resulting from the vague document and its (mis)interpretation and enforcement were enough for me to change industries. My heart goes out to all of the people still battling this.

  5. Why in the hell... by daveschroeder · · Score: 5, Interesting

    ...do they not just put these devices and systems behind something as simple as a $50 hardware NAT firewall, especially for a device that costs hundreds of thousands - or millions - of dollars? (Or better yet, why does the vendor not integrate such protection if they're relying on network-connected Windows systems for device control/interaction?)

    The norm is that these devices may need to connect *out* to something else, but don't necessarily need any inbound connections, so a hardware firewall, or even a host-based software firewall, would work perfectly in most instances; those that do need externally initiated inbound communication can *still* set up the necessary rules to allow such communication to take place. And yes, it is just this simple. (I did RTFA, and noted that some vendors actually recommend this, but that, startlingly, "there have been several instances in which viruses originated from medical instruments straight from the vendors"!)

    1. Re:Why in the hell... by pclminion · · Score: 5, Insightful
      put these devices and systems behind something as simple as a $50 hardware NAT firewall, especially for a device that costs hundreds of thousands - or millions - of dollars?

      How is a firewall going to stop an insider from exploiting the network? Does working in a hospital magically transform a person into a paragon of morality?

    2. Re:Why in the hell... by cammoblammo · · Score: 5, Funny
      "there have been several instances in which viruses originated from medical instruments straight from the vendors"!

      Viruses from medical equipment? Haven't they heard of autoclaving? Sounds like a negligence lawsuit waiting to happen...

      --

      Cogito, ergo sig.

    3. Re:Why in the hell... by Ryan+Stortz · · Score: 5, Informative

      No, most machines (from GE at least) listen for incoming SSH sessions. This is so its main tech guys can connect (from Wisconsin) and fix the problem. It saves the Hospitals money, they don't have to call in a field service guy for $150+ an hour. The tech guys can even find a faulty board, order it, have it shipped to the hospital, and have a guy swing by the next day and replace it without a lot of wait.

      --
      Bugs are just features that have been fixed.
  6. Network by Klar · · Score: 4, Interesting

    I work for a hospital, and I have to say that our network may be 'stable' but it really sucks. We run Windows2000 Pro with many problems, and frequent crashing. If one of our secondary databases crashes, as they seem to do often, we have to wait a day or two until we can get a reboot of the system because the main database runs on the same server. Productivity really goes down the tubes sometimes to allow for the 'stable' network.

  7. Doesn't have to be a issue by bs_testability · · Score: 5, Insightful

    Medical machines responsible for human life should never need to be patched. The software was tested at one point and should be controlled to stay at that test point until it is to be retested. For machines running Windows this means they should be segregated from other parts of your network and should be airgap firewalled from the rest of the world. Internet worms and email trojans shouldn't be relevant.

  8. Can't say I'd blame Microsoft this time around. by Rude+Turnip · · Score: 5, Insightful

    I'm not a big fan of Microsoft, but I don't think the quality (or lack thereof) of their products is the issue here. I've read from their EULAs that their products are not suited towards critical applications (i.e. nuke facilities, life support). My point is that although a EULA is not a legally-binding contract, the fact that MS is stating in public Windows shouldn't be used in critical applications should tell you something. The bottom line is that if GE, Philips or Agfa build a medical system, they should be responsible for that product from the software up to the hardware. The fact that *they don't have control* over one of the components in their products (the underlying OS) is negligent, IMO.

    I would get laughed out of court if I tried to blame a critical problem with a report I wrote on my secretary, and the same should happen with these companies if somebody's loved one dies from their irresponsibility.

  9. GE Medical Systems by Ryan+Stortz · · Score: 4, Informative

    My father works for GEMS as a Field Service Engineer; he repairs and installs X-Ray Machines, CAT Scanners, and Mammography machines. As far as I know, GEMS doesn't run Windows on any of its boxes (other than Engineer Laptops). Most of their older systems are UltraSPARC/SunOS boxes. The newer ones are Intel Xeon/Red Hat rigs with their own custom window manager. Heh, he's even called me in a few times to help him with some Linux problems.

    It makes sense to me, GEMS and the Hospitals aren't going to risk $500,000 to $2,000,000 machines because of Microsoft's poor track record. Not to mention, a bug in the software can bring down the system for hours, until someone can come in and fix the problem. My Dad has problems all the time with doctors breathing down his neck. Most of the time they have a full schedule, and when an x-ray tube blows it can take up to 4 or 5 hours to replace. Not including shipping from Wisconsin or France.

    --
    Bugs are just features that have been fixed.
    1. Re:GE Medical Systems by djh101010 · · Score: 5, Informative

      Sorry, Ryan, but you're not correct. I worked for GEMS for 12 years, in software engineering. There _are_ Windows systems embedded into some of these scanners. Most of them do trivial things and are being phased out in favor of *nix systems, but there _are_ Windows-based medical devices.

      It's quite a quandary. If you don't patch the 'doze boxes, (and if you don't have a firewall...) it's possible that someone could infect that system. The problem is, GE (and obviously the other device manufacturers) test the hell out of that specific OS build and patch set. When Windows Update breaks things (which happens more than never), the system is now in a state which GE didn't test, and may in fact break the functionality of the scanner. At this point, the FE has no choice but to re-load the PC from the GE-supplied media (which doesn't have the latest patch that the hospital just installed).

      The solution? It's pretty simple: stop using Windows in critical situations. I was trying to make that point 10 through 5 years ago there, and was involved in some of the very first Linux tests, prototypes, and production implementations there. The current generation of scanners is mostly Linux/Intel based, although there is still a lot of SGI/Irix at the top-end where heavy image processing is done. The fix for this problem is to avoid this problem, and that's really the only sensible approach.

      So, yes, they do have 'doze systems embedded in some of these scanners, but it's getting better. The hospital gets to choose between complying with HIPAA and patching the systems, or installing an unsupported patch which might break the scanner. Not a good place to be in, but then again, people shouldn't be reading their email or surfing the web from the MRI scanner's console, and the hospital _should_ have a firewall blocking the slammer/whichever ports.

  10. Remember Therac-25 by xmas2003 · · Score: 4, Informative
    One of the first (and most tragic) cases of software screwups in medical equipment was the Therac-25 medical linear accelerator used to treat cancer. Here is one of many writeups on it, but in summary, it took a couple of years and caused several deaths before it was pulled from the market ... and software is much more complex these days, plus there are tons of interactions.

    I.e., while one can build a simple manometer, the reality is that blood pressure devices used today probably have all sorts of interdependencies that can cause a ripple effect, so one should be pretty darn careful before just applying patches lickety-split ... in a work discussion earlier today, we talked about how one of the recent Microsoft security patches broke one of our applications.

    --
    Hulk SMASH Celiac Disease
  11. I work in a top hospital, and we're not patching. by Anonymous Coward · · Score: 4, Informative

    I work in one of the top hospitals in the US (Top 100 Wired, top 25 in a lot of the US News and World Report rankings, etc) as the principal technology architect, and I can say that people are idiots for going nuts and patching immediately.

    Our CIO, who's pretty well respected among his peers, asked us last week on deployment schedules for this. We pushed back and said, if we deploy now, we'll run into a host of issues. Over the weekend we did some cursory testing against most of our Patient care apps (a lot are web based) such as Cerner Millennium and GE's CentricityWeb. We're far ahead in the CPOE game for healthcare, so our devices are used for input of labs and orders.

    Most of the biomed equipment we have doesn't run Windows. Personally, if you do your environment right, then you shouldn't have to worry about viruses and stability.

    Healthcare doesn't function like the rest of the business world. It's a completely different animal.

  12. Security AND Stability by for_usenet · · Score: 5, Informative

    I work with MRI scanners, so I know about these issues very well, and here's an example from my own experience:

    An old colleague of mine got funding to start his own research group, meaning he got his own MRI scanner. He asked me to consult on some software that would extract the data from the console of a Siemens scanner (at the time, the console was based on an OLD version of SunOS, whose native compilers did not even conform to standard ANSI C) and send it directly to another computer running software that we use for data analysis. The dialect of C was a little strange, but within a week, I was able to get the software together, and my colleague was able to do the type of experiments he wanted to. And his scanner hummed along. This was back in 2001.

    Fast-forward to the present. His console has since been "upgraded" to a Windows XP system, and in the times I've spoken to him, he's had nothing but bad things to say about the stability of the "upgraded" system. And it's not that he had a choice, as support for his previous system was phased out. So now patients, doctors and researchers in his group are at the mercy of the moods of an XP system. And mind you - this system is not even on a publicly accessible network. It is on its own dedicated, private network, and its stability still can't be maintained, even by the support staff of the scanner manufacturer.

    When it comes down to it, Windows still does not have the stability (never mind the security issues) to cut it in really "mission-critical" situations. Maybe in cases where you need your e-commerce site up, running, and handling 1000s of transactions per second. But NOT when people's lives are involved.

  13. Everyone's asking why aren't they firewalled... by foxtrot · · Score: 5, Insightful

    Firewalls won't help. If it runs Windows, some idiot's going to bring in a CD full of pictures from his latest vacation and the CD's going to be infected with MyDoom or (heck, probably and...) Sobig or any number of other nasties. Or it's going to be something he wants to print on the nice laser printer at the office.... there's a hundred ways to get infected just by clueless users.

    Pretty soon, the internal network's either too busy generating random traffic to do anything else-- and even if the Big Iron of the business, the dialysis machines and heart-lung devices and all those wonderful things that better damned well not break work fine, you've still got the terminal the nurse sits in front of that keeps track of when to issue you your shot that keeps you alive spending half its time rebooting because it's got Sasser.

    This is not a problem a firewall can solve, and it's pretty darned big: You can't go throwing software around willy-nilly to solve this problem (even though the real problem is that the users _are_ throwing software around willy-nilly), so you can't just go "oooh! A next-day patch from Microsoft, let's hope their two hours' worth of QA before it walked out the door was good enough!".

    -JDF

  14. Fed. Regulations Cause This by grunt107 · · Score: 4, Interesting

    All computer systems involved in patient care (and paper tracking as well) are forced to go through governmental processes for design, documentation and testing. These regulations add weeks, if not months, to system changes, regardless of change scope.
    Case in point is the drug study setup. Setting up data entry screens and processes can take up to 6 months for a given trial, and that trial may only run 3 months for the study metrics. If any of these processes are documented incorrectly, an entire trial can be dropped and the drug denied.
    This, in the hospital realm, is all about CYA. If a piece of equipment is not certified to this extent, the hospital can be held more liable for patient injuries if said equipment falters.

  15. Coming soon... by Datoyminaytah · · Score: 5, Funny

    > Unfortunately, the stakes here could be human lives.

    Soon to be made into a movie starring Uma Thurman.

    It's called "Bill Kills".

    --
    assert(birth_date<time-86400)
  16. yes... by drmike0099 · · Score: 4, Informative

    The article mentions one thing that needs to be emphasized, which is where the FDA guy states that they're not going back to the dark ages where systems don't talk to anything else. For years, every device was on its own proprietary network (if it was on a network at all), and talked to itself and absolutely nothing else. This was bad.

    In only the last couple of years (because medical IT is very behind the rest of the IT industry in a lot of ways) these devices have moved rapidly to using commodity protocols and network infrastructures, driven by hospitals' needs to do all of this more cheaply, and not have a lot of chaos.

    Also, they want to provide some value add on top of the monitoring systems. For instance, it's nice to be standing by the patient's bed and see the monitoring data. It's even better to be able to export that data to another system so that it's more useful, or display it on a website so MDs can see it. All of this requires networking capability, and Microsoft (like it or not) is considered a leader in the field for server software, and has a large division providing solutions to healthcare.

    Overall, the more advanced features you want a clinical system to provide, the more that system needs to integrate with other systems. Companies have given up reinventing the wheel on this every time, and are basing what they do on standard software and protocols. Microsoft is one of those. We try to avoid it whenever possible; however, in most instances the decision for one product over another is based on clinical value, and not IT preference.

  17. Re:Stop with the security through obscurity crap by LWATCDR · · Score: 4, Insightful

    "Why, exactly? Because nobody would know how to hack your tiny little proprietary OS? That's crap and you know it."

    The reason is the smaller the OS, the less you have to test it. The whole KISS thing. Keep it simple stupid.

    On a standalone embedded system you do not need support for TrueType fonts, every printer and USB device known to man, or even video playback. On an embedded device you often only need a few functions but those functions have to work. If you have ever programmed under Windows you will find all sorts of APIs just do not work or do not work the way they are documented. Windows programmers just program around these issues. You should always use the smallest OS that you can get away with for the device you are using. Linux is a good option for very flexible embedded devices. I would tend to stay clear of X and use nano-x myself.
    There are many off-the-shelf embedded OSs; the most popular I can think of is QNX. For life-critical systems I would go for QNX over Windows any day.

    --
    See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
  18. There is no simple solution by djh101010 · · Score: 4, Informative

    Why don't they design their software, so that it doesn't break when patches are applied?

    You don't seriously believe that Microsoft gives anyone advance notice of what the patch is going to break, do you? Have you seen the ambiguous and undetailed language that goes with the WinXP SP2 patch? There's nothing actionable in there, certainly nothing testable. Until GE gets it and tests it, and authorizes it for the build, it's an astonishingly risky thing to install it.

    21 CFR 11 mandates that only the tested configuration can be used, and if the hospital chooses to violate that federal statute, they are not just at risk of screwing up their scanner, but they're technically in violation of federal statute.

    I'm not defending Microsoft here, nor am I saying it's smart to have Windows in scanners, but it's there (less now than 5 years ago, but still there). The penalty for using it is that it's quite likely that some piece of malware _will_ find its way into the scanner. They're more vulnerable if they don't patch, they are going into an unsupported (and unsupportable) configuration if they do patch. The only answer is to not use Windows, but until all the 'doze-based scanners are history, they're stuck with it.