Slashdot Mirror
Computer Virus Forces Hospital To Divert Ambulances
McGruber writes "The Atlanta Journal Constitution newspaper is reporting that a hospital with campuses in Lawrenceville and Duluth, Georgia turned ambulances away after the discovery of 'a system-wide computer virus that slowed patient registration and other operations.' They're only currently accepting patients with 'dire emergencies.' A spokeswoman for the hospital said the diversion happened because 'it's a trauma center and needs to be able to respond rapidly.' The situation began on Thursday afternoon and is expected to last through the weekend."
The hospital is still treating patients in emergency situations but is asking people with minor ailments, such as sore throats or sprained ankles, to contact their regular providers, Okun said.
We're in a sad state when people need to go to the hospital to deal with sore throats and sprained ankles.
Facts do not cease to exist because they are ignored. -Aldous Huxley
as if I have to ask...
the article mentioned nothing about which o/s or apps they run. or their network topology. things that matter, you know.
bet they thought about mentioning windows but their legal team said 'meh, why create trouble?'.
omissions like that are dishonest.
--
"It is now safe to switch off your computer."
at my hospital we use webapps for 99% of access to results/radiography etc... with office365, isn't linux becoming the obvious answer? (ok, no outlook replacement maybe... - but all anyone uses it for is email!)
I work at a trauma center, and we go to diversion all the time. It happens whenever the ER gets backed up to the point that the patients would be better served by going to a less-full ER than by coming to ours, even if that ER is a little further away. This happens at least twice weekly, although perhaps not as often as other, less busy ERs. Yes, the virus undoubtedly brought them to this clogged state much faster, but this isn't nearly the crisis the summary (or the article it is summarizing) makes it out to be.
Hospitals are often quite badly prepared for this sort of thing. A big problem is the number of computerised "medical devices" where the vendor insists on a very specific update policy (or very specific restrictions on 3rd party software).
I worked at one hospital where Confiker took the whole IT system down. A big problem in repairing the damage was that there were a lot of PACS (digital X-ray/CT/MRI viewing/storage) workstations where the PACS vendor would not permit the relevant windows updates or a 3rd party anti-virus to be installed on the servers/workstations. They relented after a 24 hour stand-off, after they realised that they was nothing they could do to keep the system happy enough to meet the SLA without the updates and a suitable anti-malware.
I work at another hospital now, where similar lack of updates due to comparability with old business apps prevents updates. E.g. The PCs still run XP SP1 (even the brand-new quad core xeons). There also doesn't appear to be funding for updating anti-malware - the hospital use Sophos 7 (which became unsupported last year).
This hospital has chronic problems with virus/malware infestation on a number of office machines - but while IT can clean the computers manually, there seems to be a reservoir if infection on file-servers, USB drives, etc. So the infections come straight back after a manual deletion. This hasn't caused a catastrophe locally, so management don't seem to care, but it is a major annoyance, as infected documents frequently end-up getting e-mailed out to other hospitals/doctors and destroyed without trace by the recipient's e-mail system. Docs have been known to put the files on a USB stick, take it home, clean it with an up-to-date virus scanner and then e-mail it out.
Stuxnet for hospitals? The major trauma for the hospital admin was that they might not be able to determine your insurance or billable status... ED's can do most thing in the diagnostic and treatment pathway in house, be an awful shame not to bill you for it all
I did a contract with one last March which was upgrading to new state of the art medical billing system to be Obamacare compliant.
Ran Windows 7? No. Windows XP Service pack 3 right? No. Windows XP SP 2 with IE 6?!
Normally it is not an issue but with HIPPA it is very serious this irritated me. Someone can literally hold the hospital hostage if these medical records for tens of millions of dollars and they need at least a patched and still supported version of XP like corporate America does. The problem is custom medical software and custom devices for Xrays and MRIs use IE 6 still and are not certifed with XP SP 3 ... unless you give them $$$$ to buy all new epuipment over again. This is new software being developed in 2010 I may add requiring IE 6 and some software wont even run with SP 3 on XP. This means no security patches.
It does not surprise me there are viruses on hospital computers as they can't be patched. WIth HIPPA you would think a hospital would always demand and use state of the art fully patched systems for security. But if were the medical records software company or make MRI machines I would be still requiring IE 6 too so I can then price gouch and double dip and charge3 another $400,000 in 2013 when support ends. I can make even MORE money. ... end rant
The greed is incredible in the industry, but doctors can be the most and worst clients and users if you chat with anyone who supports them. THey feel supperior because they have those PHDs and make tons of money. Luckily I just helped install stuff and ignored the rest of the staff. As a result I.T. staff just never upgrade as they do not want to deal with these users at all
http://saveie6.com/
What happened back then was it took a lot more staff to treat a lot more people. This issue isn't keeping doctors from treating patients, it's keeping them from treating as many patients. Everything is probably having to be done on paper, which means that someone (a nurse more than likely) has to walk that paper where ever it needs to be. This has the double impact of taking more time than it normally would, and requiring someone to take time out their normal duty to move it. That is why they are still taking actual emergency cases, and turning away non-life threatening, less serious cases. So that the ER does not get completely backed up that they can't treat a life-threatening case that may show up.
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
to let IT install updates / anti-virus?
If the computer system shuts down and workflow speeds up then you know you have a problem.
Faster! Faster! Faster would be better!
What gave it away? The patients had mice attached to them?
"I'm not much interested in interoperability. I want substitutability. I want to be able to throw your software out."
Am I the only one who parsed this headline and thought it was something from The Onion?
Net we'll see "CERT Advisory Issued for Swine Flu Virus"...
If it weren't for deadlines, nothing would be late.
From talking to some patients it appears thet the worstaions are operating, but they have functioning network connectivty.
That's awful. I hope the network goes down soon.
lot's of other places still have XP and they are big places like BP.
so the software can run in a VM / under a newer OS.
Yet another example of how technology makes us stupid. How ever did we manage BEFORE computers and computer records... I guess patients just died in the hallways. The other day I went to a tire shop and asked the guy for some tires. He said he didn't have any. I asked him if he could check to see if another store in the chain across town had some. He said the computer network was down, and he couldn't do it from there. I guess telephones no longer work for calling the other store up and asking them like they did 20 years ago.
Seven puppies were harmed during the making of this post.
Always things like lung, brain, prostate, liver, colon, rectum and other important parts. Why not cancer of the pinky ??
Because your pinky is essentially just bone, muscle, and skin, with a little fat. So when people get cancers originating in their pinkies, they get lumped up with the rest of cancers of the bones, muscles, skin, and (more rarely) adipose tissue.
I wonder if this is giving anonymous any ideas for a social hack, close the hospitals country wide because they can't do billing or check on insurance. This shows hospitals would rather close than treat someone for free.
...is that they have created a system where in they can't function as a hospital without computers.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
a trauma center and needs to be able to respond rapidly
And we all know verifying insurance without a computer slows down medical procedures.
Having to work for a living is the root of all evil.
The issue is documentation and looking up patient records.
If you do a treatment and it kills the patient, but the records show he/she was allergic to something or another doctor did the same treatment a year ago, or something related to that can land you in a lawsuit and a revocation of your license.
Electronic records are a life saver and a CYA in court in case the worse happens. So if the system is down you have to watch your back. Also people have different shifts throughout the day/night and need to know the data on existing patients as well.
http://saveie6.com/
You might consider trying to gather some actual information before forming an opinion. The healthcare complex is not fat. That's not to say it's not big, but 100% of people can and do consume healthcare.
For analysis, you can break your healthcare complex down into pharmaceuticals (medications), medical and laboratory equipment (x-ray and lab equipment), and providers, further divided into hospitals and ambulatory services. The margins start highest at pharmaceuticals and decline in the listed order. But pharmaceuticals have R&D expenses, FDA approval testing, and litigation liability. Medical and laboratory equipment(CT,MRI, and lab equipment) also have to get FDA testing and certification. Hospitals generally run with an excess revenue (income minus expenses, it's not considered "profit" in a not-for-profit or community hospital) of between a negative number and maybe 8-10%, with the average in the 5-6% neighborhood) and likely 60-80% of the budget is for nursing salaries to provide your care. For doctors, after 4 years of college, 4 years of medical school, and 3 to 8 years of post-graduate training (age 29 to 34), generally have educational debts the size of a house mortgage. And their average salaries ARE good at $175,000. Sure, you can find outliers like neurosurgeons and obstetricians, but then they pay malpractice insurance between $200K to 500,000 /year, because some people believe that bad medicine is the cause of all bad outcomes, and ignore the statistical variation of the real world and human biology, and so file suits for multiple millions of dollars.
I dislike the fact that the senior executives of health insurance companies, like most other large corporation businesses, get annual compensations the size of which could run a small hospital, but you're talking about maybe hundreds of people, and hospital executives and administration, while compensated well, are for the most part deserving of their compensation for the size of operation they manage, and likely would make a lot more in any other field.
The economic problem is that government wants to promise everyone the same set of benefits and services, so that the person on Medicaid can get the same liver transplant that someone with expensive insurance can get. While the latter is paid for by premiums paid by the insured, the former is paid for NOT by the beneficiary, but by taxes on everyone who works.
I deal with IT departments everyday for Hospitals, Schools, and other business in the South East and the biggest issue I see is lack of patching on Windows and Linux machines while keeping the virus definitions up-to-date. The IT departments know that patching is important but feel they can't patch an approved FDA device or the staff lacks the bandwidth to implement a proper patch testing cycle. The only solution that I see that consistently works for these type business is to virtually patch these machines with a host based network filter until they have been approved by the FDA. This also allows them time to test the new patches on their internal servers before rolling out to the rest of their infrastructure. No vulnerability = no mass infection.
I am working in Duluth all weekend. With high voltages so. Hmm maybe i'll be..... wait i am already careful.
They can function, and still treat patients in emergency situations. But the virus slowed down administration, as it now has to be done by hand.
The issue is liability. For good reason there are a lot of regulations around medical devices, but often in the end these regulations can conspire to make things worse.
The regulations say that you need to prove that your device works as intended. That means strict configuration control. That means testing before making changes, and tons of paperwork. Lots of testing and paperwork before making changes isn't that compatible with patch Tuesday.
Now, the guy selling the X-Ray machine gets $200k for selling you an X-Ray machine. They don't make much money testing its software every month when MS comes out with another patch. The easiest option for them is to certify it as it originally shipped and tell you that any changes are on you.
So, now the hospital can either leave the machine alone, or THEY incur all the costs on patch Tuesday.
Then the question comes up of who to sue every time a patient dies. The question really isn't what caused the patient to die - the question is who has money and can be shown to have violated some regulation who had anything to do with the patient's care. So, following the process is critical to minimizing the cost of litigation.
I can imagine that people working in that field could get quite fatalistic about all of it. Yup, it sucks, and yup, it kills more people than it should - but hey, my part of the process is being run by the book so go look elsewhere to fire somebody. In the end you can't lose your job because the system sucks, but you can easily lose it if you didn't fill out form 123A in triplicate while the virus was busy propagating.