Medical Equipment Crashes During Heart Procedure Because Of Antivirus Scan

An anonymous reader quotes a report from Softpedia: The device in question is Merge Hemo, a complex medical equipment used to supervise heart catheterization procedures, during which doctors insert a catheter inside blood veins and arteries in order to diagnose various types of heart diseases. According to one such report filed by Merge Healthcare in February, Merge Hemo suffered a mysterious crash right in the middle of a heart procedure when the screen went black and doctors had to reboot their computer. Merge investigated the issue and later reported to the FDA that the problem occurred because of the antivirus software running on the doctors' computer. The antivirus was configured to scan for viruses every hour, and the scan started right in the middle of the procedure. Merge says the antivirus froze access to crucial data acquired during the heart catheterization. Unable to access real-time data, the app crashed spectacularly.

RT OS for Reatime tasks

Picking an OS that clear says not use it for real time possible life endangering task is a huge mistake!! QNX, RT_Linux, and more!!! Hello!!!

Re:RT OS for Reatime tasks

[DarkOx]

I have often wondered about this. Does Microsoft sell Windows license with a EULAs that don't contain prohibitions for uses cases like these?

The Microsoft software was designed for systems that do not require fail-safe performance. You may not use the Microsoft software in any device or system in which a malfunction of the software would result in foreseeable risk of injury or death to any person.

In most other engineering professions if you picked a component specifically labeled and sold as not fit for use case you'd be taking on all kinds of liability. Can you imagine if an architect decided to build a parking deck and spec'd concrete be mixed from a cement product labeled "not for structural use?"

I can hear the lawyers salivating at the very idea. Yet Windows is used in off label ways seemingly all the time.

So was this out of spec?

[GIL_Dude]

This is interesting; the configuration on a device like this should be highly controlled. I have no experience with medical devices, but I know that process control equipment generally has vendor approved configuration (and often they only certify one AV vendor so even if our corporate contract is with vendor A, we have to use vendor B for the process control stuff because that is what is certified by the control system vendor. They also have very specific settings you have to use. Failure to follow the settings could result in lack of process control at a critical time. It seems medical stuff must be under similar (if not even more restrictive) configuration control. Having AV do a "scan" every hour is very stupid since any competent AV is doing on-access scanning anyway. I would expect the vendor for the software has specified folders / files / etc. that must be exempted from the scan as well (vendors for process stuff such as Yokogawa, etc. specify that). Seems to be a configuration failure on the part of the facility.

Re:So was this out of spec?

oblig:
https://xkcd.com/463/

Clearly, someone is doing their job horribly wrong.

Re:Windows 10 update will kill human beings

[Opportunist]

IIRC the EULA of every Windows version so far said that the OS must not be used in life-or-death critical operations.

Not that it isn't used in, say, nuclear plants (which are explicitly cited in the EULA, btw), but if you use something that is clearly not good enough for the job, and even tells you that it's too crappy for important tasks, well, you can't really complain, can you?