Slashdot Mirror

← Back to Stories (view on slashdot.org)

Computer Virus Forces Hospital To Divert Ambulances

Posted by Soulskill on from the outbreak-at-the-hospital dept.

McGruber writes "The Atlanta Journal Constitution newspaper is reporting that a hospital with campuses in Lawrenceville and Duluth, Georgia turned ambulances away after the discovery of 'a system-wide computer virus that slowed patient registration and other operations.' They're only currently accepting patients with 'dire emergencies.' A spokeswoman for the hospital said the diversion happened because 'it's a trauma center and needs to be able to respond rapidly.' The situation began on Thursday afternoon and is expected to last through the weekend."

43 of 213 comments (clear)

  1. We're in a sad state when... by kryptKnight · · Score: 5, Insightful

    The hospital is still treating patients in emergency situations but is asking people with minor ailments, such as sore throats or sprained ankles, to contact their regular providers, Okun said.

    We're in a sad state when people need to go to the hospital to deal with sore throats and sprained ankles.

    --
    Facts do not cease to exist because they are ignored. -Aldous Huxley
    1. Re:We're in a sad state when... by Anonymous Coward · · Score: 2, Insightful

      And when hospital computers run Microsoft operating systems!

    2. Re:We're in a sad state when... by hedwards · · Score: 3, Informative

      Yes, but until the health care reform package runs most of the for profit insurance companies out of business that's going to remain to be the case.

      Sprained ankles though I wouldn't lump as a minor ailment. You don't necessarily always know if it's a sprain or a minor factor or torn ligament. Delaying care can end up costing a lot more money and result in inferior recovery.

    3. Re:We're in a sad state when... by The+Pirou · · Score: 3, Insightful

      Catch a sore throat on the weekend as someone with an issue with their immune system when your regular care provider is unavailable, I think I'd go to the hospital too. Likewise if I was aged and fell, causing a swelling of the ankle. The injury could potentially be life threatening.

      Just because we're young and durable doesn't mean that there aren't a good number of others who have genuine health concerns that seem trivial to us.

    4. Re:We're in a sad state when... by stevedog · · Score: 2

      A sore throat is actually a pretty good patient. At least they have a diagnosable condition, and that puts them at least in the Top 40%. You'd be surprised how many patients' chief complaint is "my back hurts. It's been like this for the past year. I'm just tired of it."

    5. Re:We're in a sad state when... by ClioCJS · · Score: 4, Informative

      Then I'd go to an urgent care clinic, which takes both my insurance and cash-only payments from people who don't have insurance. If you want to win your argument against the parent post you responded to, you're going to have to beat my argument I just submitted just now. Urgent care clincs outnumber hospitals. There may be rural exceptions, but I don't think this place is rural.

      --
      -Clio
      Karma: Bad (mostly from not giving a fuck)
      Blog: http://clintjcl.wordpress.com
    6. Re:We're in a sad state when... by Ethanol-fueled · · Score: 3, Insightful

      Yes, but until the health care reform package runs most of the for profit insurance companies out of business

      Whatever profits are to be purportedly "lost" during the healthcare reform will be made up by others' mandatory enrollment. It's all feelgood bullshit to keep the same ridiculously bloated healthcare complex fat. There are no real compromises here, and as usual, the common man loses.

      It's funny how all the big-business parrots are decrying it as "socialism," the for-profit healthcare complex is a big-businessman's wet dream.

      Also, the computer virus was because Windows.

    7. Re:We're in a sad state when... by jd · · Score: 4, Insightful

      A sore throat can be something trivial, but it can also be something major. Going to a GP to have it checked out rather than waiting and seeing is the height of common sense. A hospital, not so much. Hospitals can do nothing a GP can't do, for those sorts of ailments. Hospitals only make sense if you actually need centralized, high-end medical treatment. You can't fit an MRI into a GP's office and a doctor certainly can't take one with them if they're doing house calls, nor will smaller facilities be able to detect everything in-house.

      Oh, I thought you were referring to a society with sensible health-care!

      The most intelligent health-care systems are ones where the method of delivery is one that suits the complaint. That doesn't necessarily mean the best - a poor but intelligent system will be more effective than a poor but stupid one, and will also be more reliable and more responsive than a rich but stupid one, but the rich but stupid system will still deliver better results in the end. What you want is rich and intelligent, but no country currently does that.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    8. Re:We're in a sad state when... by jd · · Score: 4, Funny

      Yes, but in Australia you've salt water crocodiles to solve your problems with politicians.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    9. Re:We're in a sad state when... by broken_chaos · · Score: 2

      Depending on the context, sprained ankles can make sense -- some sprains are difficult for the layperson to differentiate from a break.

      Sore throats... Well, not unless someone is immune suppressed or they're in a situation where a walk-in clinic or their regular general practitioner is unavailable.

    10. Re:We're in a sad state when... by fsckmnky · · Score: 3, Funny

      It didn't have to be mentioned, because everyone knows Windows has all the viruses. ;)

    11. Re:We're in a sad state when... by hawkinspeter · · Score: 3, Informative

      Going to hospital with heartburn is actually very common, especially for people with angina. Heart attacks and heartburn have almost identical symptoms, so it makes a lot of sense to go to hospital when you've got an existing condition.

      --
      You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
    12. Re:We're in a sad state when... by Grishnakh · · Score: 4, Insightful

      What if you're poor? You have two choices:
      1) Urgent care, which takes cash-only payments (and usually requires them up-front), or
      2) Emergency rooms, which are free; you just have to say "I don't have insurance and I don't have any money". Or even better, you can say "No habla Ingles". The hospital is required to treat you, and then pass the bill on to all the other patients by charging them $10 for a tylenol pill and $20 for a band-aid.

    13. Re:We're in a sad state when... by Grishnakh · · Score: 2

      There's a reason for this stuff: long waits are necessary because there's dozens of people there bringing their kids in for runny noses and sore throats. Charging $500 for a bandaid is necessary because all those dozens of people there for common colds aren't going to pay, so they have to pass the costs for all the non-payers on to people who do pay.

      Fix the healthcare system in this county and you wouldn't see this crap.

    14. Re:We're in a sad state when... by Datamonstar · · Score: 5, Informative

      I'm currently inside a hospital data center and I can tell you that windows is behind the scenes of a lot of the systems we use. Everyone in "the know" thinks it sucks that the majority of the problems we encounter is because of borked hardware configurations in appliance machines or Windows servers. We are on mainframe (as of today, it's still the only way to get everyone's critical data to almost a dozen moajor sites at once with 99.9 uptime and I don't see us abandoning it anytime soon) and there is a god-damned Windows server that is only used to encode EDI transactions to the JES2 spooler that always crashes, causing the spool to fill up, endangering the entire system. It's a very serious problem as the only solution to it once JES is full is to IPL the system.

      The server in question doesn't even show an error message. Well, sometimes it does, sometimes it doesn't. you can stop and start the services all you like, but you're just wasting time as the JES2 spool gets bigger. The only solution is to reboot the Windows Server. It is redundantly mirrored, but we any of you with any sense will know that this does not make the situation any less frightening. The mirror is bound to be subject to the exact same problem, since it's software-related, which would put you back at square 1 in the event of a fail-over.

      Don't even get me started about malware. Of course, all the workstations throughout the system are Windows systems. Those should not matter in case of a power outage or system-wide failure because we have downtime procedures in place, but let's face it, we'd be majorly crippled if we were to ever loose our entire network and it would likely impair our ability to serve customers. Although it shouldn't. So far we've been lucky.

      --
      The eternal struggle of good vs. evil begins within one's self.
    15. Re:We're in a sad state when... by dmr001 · · Score: 2
      Why, you use the Ottawa Ankle Rules, which are an evidence-based method to determine whose sprained ankles deserve an x-ray to rule out a fracture. It turns out the same mechanism of injury - getting your foot bent under (usually the outside part going down, called inversion) is not only an excellent way to cause a painful ankle sprain, but has a habit of tearing the very bottom part of your fibula off, which will buy you a few weeks in a walking boot or similar cast.

      In case I'm still not being clear, this means that the parent's suggestion of going to a hospital, urgent care clinic, or your primary physician's office is reasonable. Using the Ottawa ankle rule rule on yourself, I suppose, might save you a trip, though in my experience it tends to rule most people in for an x-ray, so you'll be headed in anyhow.

    16. Re:We're in a sad state when... by baegucb · · Score: 2

      You can dynamically add volumes to the JES2 spool. No need for an IPL. That's what your system programmer should doing. And automation should be running a command such as $DJOBQ,SPL=(%>3.0) every 5 minutes or so to check for jobs with high spool utilization, triggering an alert to the consoles.

    17. Re:We're in a sad state when... by Runaway1956 · · Score: 2

      Every single operating system known to man is prone to viruses - some more so than others. More to the point, would be asking about exploits, rather than viruses. All systems have exploits. The only reason Linux and/or Mac is more secure than Windows, is the philosophy behind security. Windows sacrifices security for convenience, Linux sacrifices some convenience for security, and Mac is somewhere between the two.

      But, an idiot can compromise any system, in about two heartbeats, if he is given admin powers.

      The user is key, when it comes to security! No Linux user is willing to trust the health of his system to Symantec. Millions of users are willing to trust Symantec.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    18. Re:We're in a sad state when... by Jawnn · · Score: 2

      Then I'd go to an urgent care clinic, which takes both my insurance and cash-only payments from people who don't have insurance.

      Typical out-of-touch-fuckwit response. How many of those who don't have health insurance can afford even the lower rates that urgent care clinics charge? Hmmm?

  2. Nuisance, Not Crisis by stevedog · · Score: 5, Informative

    I work at a trauma center, and we go to diversion all the time. It happens whenever the ER gets backed up to the point that the patients would be better served by going to a less-full ER than by coming to ours, even if that ER is a little further away. This happens at least twice weekly, although perhaps not as often as other, less busy ERs. Yes, the virus undoubtedly brought them to this clogged state much faster, but this isn't nearly the crisis the summary (or the article it is summarizing) makes it out to be.

  3. Bad IT isn't uncommon in hospitals by ChumpusRex2003 · · Score: 4, Insightful

    Hospitals are often quite badly prepared for this sort of thing. A big problem is the number of computerised "medical devices" where the vendor insists on a very specific update policy (or very specific restrictions on 3rd party software).

    I worked at one hospital where Confiker took the whole IT system down. A big problem in repairing the damage was that there were a lot of PACS (digital X-ray/CT/MRI viewing/storage) workstations where the PACS vendor would not permit the relevant windows updates or a 3rd party anti-virus to be installed on the servers/workstations. They relented after a 24 hour stand-off, after they realised that they was nothing they could do to keep the system happy enough to meet the SLA without the updates and a suitable anti-malware.

    I work at another hospital now, where similar lack of updates due to comparability with old business apps prevents updates. E.g. The PCs still run XP SP1 (even the brand-new quad core xeons). There also doesn't appear to be funding for updating anti-malware - the hospital use Sophos 7 (which became unsupported last year).

    This hospital has chronic problems with virus/malware infestation on a number of office machines - but while IT can clean the computers manually, there seems to be a reservoir if infection on file-servers, USB drives, etc. So the infections come straight back after a manual deletion. This hasn't caused a catastrophe locally, so management don't seem to care, but it is a major annoyance, as infected documents frequently end-up getting e-mailed out to other hospitals/doctors and destroyed without trace by the recipient's e-mail system. Docs have been known to put the files on a USB stick, take it home, clean it with an up-to-date virus scanner and then e-mail it out.

    1. Re:Bad IT isn't uncommon in hospitals by Anachragnome · · Score: 2

      "This hospital has chronic problems with virus/malware infestation on a number of office machines - but while IT can clean the computers manually, there seems to be a reservoir if infection on file-servers, USB drives, etc. So the infections come straight back after a manual deletion. This hasn't caused a catastrophe locally, so management don't seem to care, but it is a major annoyance, as infected documents frequently end-up getting e-mailed out to other hospitals/doctors and destroyed without trace by the recipient's e-mail system. Docs have been known to put the files on a USB stick, take it home, clean it with an up-to-date virus scanner and then e-mail it out."

      It sounds like you're describing the MRSA phenomenon that many hospitals are experiencing. Perhaps the root of both problems lies in a common practice that, once addressed, could solve both issues?

    2. Re:Bad IT isn't uncommon in hospitals by datavirtue · · Score: 2

      That was my first thought. No plan. As a technologist I'm peeved by the fact that people assume a system will always function properly because it always has in the past. Therefore it is terribly difficult to get a business to plan for outages.

      --
      I object to power without constructive purpose. --Spock
    3. Re:Bad IT isn't uncommon in hospitals by jombee · · Score: 2

      Yes, for very good reason network medical device vendors are specific as to what client software modifications can be made. This includes client-side security measures such as service packs, security patches, and antivirus. This is primarily due to FDA regulations which require full software qualification, validation, testing, and documentation. The full scope and diligent execution of an FDA-compliant quality safety process takes time and costs money. This is not like IT operations patching a web server; a patient on the table in a procedure requires all device imaging and monitoring systems to work flawlessly, exactly as designed. Any issues that arise will require an FDA adverse event report from the manufacturer and if the device has been modified from its FDA approved baseline then responsibility may fall on the hospital; then watch as the lawyers pull out all the stops, especially if patient treatment was affected.

      I work directly in this field. Once hospital IT get their head around these facts, it's time to think outside of using traditional client-side security mitigation techniques. It's routine for me to find hospital IT networks with no mitigating network security controls controls, no VLAN segmentation, no ACL entries, no routing chokepoints, firewall rulesets with ANY/ANY permitted, and the inevitable infected medical devices. It's a shame for patient safety.

  4. Hospitals have terrible obsolete platforms by Billly+Gates · · Score: 5, Interesting

    I did a contract with one last March which was upgrading to new state of the art medical billing system to be Obamacare compliant.

    Ran Windows 7? No. Windows XP Service pack 3 right? No. Windows XP SP 2 with IE 6?!

    Normally it is not an issue but with HIPPA it is very serious this irritated me. Someone can literally hold the hospital hostage if these medical records for tens of millions of dollars and they need at least a patched and still supported version of XP like corporate America does. The problem is custom medical software and custom devices for Xrays and MRIs use IE 6 still and are not certifed with XP SP 3 ... unless you give them $$$$ to buy all new epuipment over again. This is new software being developed in 2010 I may add requiring IE 6 and some software wont even run with SP 3 on XP. This means no security patches.

    It does not surprise me there are viruses on hospital computers as they can't be patched. WIth HIPPA you would think a hospital would always demand and use state of the art fully patched systems for security. But if were the medical records software company or make MRI machines I would be still requiring IE 6 too so I can then price gouch and double dip and charge3 another $400,000 in 2013 when support ends. I can make even MORE money. ... end rant

    The greed is incredible in the industry, but doctors can be the most and worst clients and users if you chat with anyone who supports them. THey feel supperior because they have those PHDs and make tons of money. Luckily I just helped install stuff and ignored the rest of the staff. As a result I.T. staff just never upgrade as they do not want to deal with these users at all

    --
    http://saveie6.com/
    1. Re:Hospitals have terrible obsolete platforms by anomrabbit · · Score: 2

      And you'd think that someone who claims to have worked on something relating to medicine would know that doctors have MDs.

  5. Re:Wait a second by Nidi62 · · Score: 4, Insightful

    What happened back then was it took a lot more staff to treat a lot more people. This issue isn't keeping doctors from treating patients, it's keeping them from treating as many patients. Everything is probably having to be done on paper, which means that someone (a nurse more than likely) has to walk that paper where ever it needs to be. This has the double impact of taking more time than it normally would, and requiring someone to take time out their normal duty to move it. That is why they are still taking actual emergency cases, and turning away non-life threatening, less serious cases. So that the ER does not get completely backed up that they can't treat a life-threatening case that may show up.

    --
    The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  6. why can't 3rd partys be forced by hipaa by Joe_Dragon · · Score: 2

    to let IT install updates / anti-virus?

  7. Re:Wait a second by ColdWetDog · · Score: 3, Interesting

    If the computer system shuts down and workflow speeds up then you know you have a problem.

    --
    Faster! Faster! Faster would be better!
  8. not an infrequent occurrence by Caesar+Tjalbo · · Score: 2

    Viruses are not an infrequent occurrence at the hospital, she said, but it’s never seen anything like this one.

    What gave it away? The patients had mice attached to them?

    --
    "I'm not much interested in interoperability. I want substitutability. I want to be able to throw your software out."
  9. The Onion? by ClickOnThis · · Score: 2

    Am I the only one who parsed this headline and thought it was something from The Onion?

    Net we'll see "CERT Advisory Issued for Swine Flu Virus"...

    --
    If it weren't for deadlines, nothing would be late.
  10. Re:which o/s by jd · · Score: 4, Insightful

    Perhaps, but IE is a major security hole. At the very least, hospitals should be absolutely required to use a secure browser. Secondly, with ERP, etc, being browser based, there's no difference from an operator standpoint between Windows and OpenBSD. You still click links, you still open tabs, you still get to set the wallpaper on the background. Ergo, there's no rational reason to use something that's expensive and insecure over something that's cheap and secure. If there are no platform-specific apps (they're all web-based) then go with the OS that is least likely to endanger service.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  11. This is by Dunbal · · Score: 3, Insightful

    Yet another example of how technology makes us stupid. How ever did we manage BEFORE computers and computer records... I guess patients just died in the hallways. The other day I went to a tire shop and asked the guy for some tires. He said he didn't have any. I asked him if he could check to see if another store in the chain across town had some. He said the computer network was down, and he couldn't do it from there. I guess telephones no longer work for calling the other store up and asking them like they did 20 years ago.

    --
    Seven puppies were harmed during the making of this post.
    1. Re:This is by zootie · · Score: 4, Insightful

      While I might agree that some people do become stupid with tech (and oversimplify the complexity that computers are covering up and compensating), we also can't oversimplify the fact that it's not trivial to go back 20+ years to pre-computer procedures overnight for a temporary problem that will go away in a few days (or minutes or hours, as in the case of the tire shop employee).

      Besides employees not getting paid enough to go the extra mile (or that they're supposed to be doing something else), the likely end reason is likely that it isn't affordable or efficient or even possible. As it is, a common complain in the healthcare industry is that they're understaffed, and with automation, the number of employees has been reduced so much they would never be able to deal with the backlog manually (assuming that enough employees had the training to deal with pre-computer issues). Not to mention that in a complex team workflow, exceptions would make it risky (ie, if the patient isn't registered in the system, his/hers tests can't be attached, so the doctors can't access them properly, opening the hospital to liabilities).

      Old systems likely broke down and got replaced by digital systems that require much less from their operators. Before they might have been able to print, but maybe that printer isn't there anymore. Going all the way back to pre-computers might mean leaches.

      As for your tire experience. Maybe the employee was lazy and wasn't willing to go the extra mile. Or maybe he didn't have a yellow pages or a company directory (which might have been on-line). Or, likely, he is supposed to tend the counter, and isn't allowed to do something else when he is supposed to be servicing people coming in the door (or answering the phone). In the "olden days", we might have been dealing with the store owner, which would be more inclined to GEM, but with franchises and staffs cut to a minimum for the sake of 80%+ normalcy, it's no surprise that the quality of service suffers.

      In spirit, I agree that computers have made it too easy for stupidity to thrive. In fact, they have made it so easy that it is endemic at the business level, not just at the employee level. Rather than doing the work, businesses just farm it out to someone else, and then to someone else (ie, the "Cloud philosophy"), and you end up dealing with shells that are so far removed from the data that have no knowledge or interest in providing a reasonable service that falls slightly outside the normal expectation. And even when it's a typical offering, quality is often substandard and it only fulfills the need in the most general sense. But I'm starting to digress to another topic, so I'll stop.

    2. Re:This is by Anonymous Coward · · Score: 2, Informative

      As someone who works in a hospital i can tell you that reverting to a paper and pencil system requires at least 10x the number of workers for the same number of patients. And they would make many life threatening record keeping mistakes mistakes that are time consuming to identify since they would have to use this system infrequently if ever.

      As an example transcribing dozens of lab values on possibly hundreds of patients and a worker transposes a potassium of 7.3 to 3.7. That patient could die from that simple mistake.

  12. Re:which o/s by JDG1980 · · Score: 2

    Perhaps, but IE is a major security hole.

    IE8 and IE9 are fairly secure, especially if paired with Vista or Windows 7, which support protected mode. Now, if they're still using IE6 on XP, then they're screwed.

  13. The Real Story... by sycodon · · Score: 5, Insightful

    ...is that they have created a system where in they can't function as a hospital without computers.

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    1. Re:The Real Story... by Anonymous Coward · · Score: 3, Insightful

      they can't function as a hospital without computers.

      Change "computers" to "Windows" and you'll be getting to the heart of the problem.

    2. Re:The Real Story... by prisoner-of-enigma · · Score: 3, Insightful

      There are two main reasons this has become true: electronic medical records and efficiency. The former is being mandated by the government. The latter is due to the lack of enough people to fill slots in the healthcare industry due to the personnel crunch, requiring hospitals to do more with less.

      I do technology consulting for hospitals. One thing that's always pissed me off is the nursing shortage. Hospitals go out of their way to woo doctors to their facilities, but nursing pay remains pathetic by comparison. Yet nurses work the same crappy hours and put up with the same ornery patients. Is there any wonder why there's a shortage of people entering the nursing field? And yet the hospitals *can't* really pay the nurses more because nearly all of them are teetering on the verge of bankruptcy at any given time due to Medicare's payment schedule.

      --
      In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
    3. Re:The Real Story... by TheLink · · Score: 2

      I on the other hand can't do my job without computers - not so easy to VPN in to a remote server to do stuff without a computer. The tech has gone beyond manual "pulse dialling" by tapping the phone hook, and then whistling the modem tones :). Of course without computers, there wouldn't be servers at the other end to VPN to either... ;)

      Seriously though, a lot of manual work has been replaced by computers. So there are actually a lot fewer people doing those jobs. When the computers stop working, those few people might be able to do some stuff, but 1) they can't handle the same amount of transactions and 2) When the computer systems come back online, it's going to take yet more work to key everything in, and depending on how things work, you might have to wait till everything is keyed in, before you can proceed to handle new transactions with the computer system (this might be true for stuff like banks). So it's often just better for staff to wait till the computer system is back up.

      Anyway, I wonder what sort of virus it was, or it was just someone's excuse for some SNAFU/FUBAR ;).

      --
  14. ASAP! by sgt+scrub · · Score: 2

    a trauma center and needs to be able to respond rapidly

    And we all know verifying insurance without a computer slows down medical procedures.

    --
    Having to work for a living is the root of all evil.
  15. Medical Device Patching Conundrum by tstacysd · · Score: 2

    I deal with IT departments everyday for Hospitals, Schools, and other business in the South East and the biggest issue I see is lack of patching on Windows and Linux machines while keeping the virus definitions up-to-date. The IT departments know that patching is important but feel they can't patch an approved FDA device or the staff lacks the bandwidth to implement a proper patch testing cycle. The only solution that I see that consistently works for these type business is to virtually patch these machines with a host based network filter until they have been approved by the FDA. This also allows them time to test the new patches on their internal servers before rolling out to the rest of their infrastructure. No vulnerability = no mass infection.

  16. RTFA by Hentes · · Score: 2

    They can function, and still treat patients in emergency situations. But the virus slowed down administration, as it now has to be done by hand.