Slashdot Mirror
Medical Equipment Crashes During Heart Procedure Because Of Antivirus Scan (softpedia.com)
An anonymous reader quotes a report from Softpedia: The device in question is Merge Hemo, a complex medical equipment used to supervise heart catheterization procedures, during which doctors insert a catheter inside blood veins and arteries in order to diagnose various types of heart diseases. According to one such report filed by Merge Healthcare in February, Merge Hemo suffered a mysterious crash right in the middle of a heart procedure when the screen went black and doctors had to reboot their computer. Merge investigated the issue and later reported to the FDA that the problem occurred because of the antivirus software running on the doctors' computer. The antivirus was configured to scan for viruses every hour, and the scan started right in the middle of the procedure. Merge says the antivirus froze access to crucial data acquired during the heart catheterization. Unable to access real-time data, the app crashed spectacularly.
There is blood on your hands nadella.
Our antivirus is completely up to da
Upgrading to Windows 10......
SJW's don't eliminate discrimination. They just expropriate it for themselves.
Picking an OS that clear says not use it for real time possible life endangering task is a huge mistake!! QNX, RT_Linux, and more!!! Hello!!!
Should such a system really have a general purpose OS. There's an advantage to keeping things simple and having dedicated hardware.
Based upon the available information, the cause for the reported event was due to the customer not following instructions concerning the installation of anti-virus software; therefore, there is no indication that the reported event was related to product malfunction or defect. The product security recommendations, (b)(4), explicitly state, "the intent of these guidelines is to configure the anti-virus software so that it does not affect clinical performance and uptime while still being effective. To accomplish this, the anti-virus software needs to be configured to scan only the potentially vulnerable files on the system, while skipping the medical images and patient data files. Our experience has shown that improper configuration of anti-virus software can have adverse affects including downtime and clinically unusable performance. ".
Use some dedicated hardware with a custom software system with only components designed for the purpose of the machine and nothing else. Harden and sanity check the hell out of the I/O and connect THAT to your idiot box.
Twinstiq, game news
This is interesting; the configuration on a device like this should be highly controlled. I have no experience with medical devices, but I know that process control equipment generally has vendor approved configuration (and often they only certify one AV vendor so even if our corporate contract is with vendor A, we have to use vendor B for the process control stuff because that is what is certified by the control system vendor. They also have very specific settings you have to use. Failure to follow the settings could result in lack of process control at a critical time. It seems medical stuff must be under similar (if not even more restrictive) configuration control. Having AV do a "scan" every hour is very stupid since any competent AV is doing on-access scanning anyway. I would expect the vendor for the software has specified folders / files / etc. that must be exempted from the scan as well (vendors for process stuff such as Yokogawa, etc. specify that). Seems to be a configuration failure on the part of the facility.
This seems like another example of the cure being worse than the disease.
It just writes itself.
Antivirus systems aren't useless(I wouldn't trust their 'disinfection'; but they at least catch people reusing obsolete exploits and sometimes provide warnings that something is amiss); but this is one of those situations where hearing that antivirus software is running is a giant red flag: it usually means that a full-fat desktop/server OS with a network connection and who-knows-what-else running on it is doing the job of a dedicated computer. Quite probably being allowed to retain state over time except for the ever so occasional re-imaging. That just isn't going to go well. Even if your application needs full Windows whatever for some reason, there are plenty of ways to keep it on a much tighter leash than just shoving a desktop at the problem and hoping Norton can save you. If a system is contained by the network so that it can only talk to the external hosts it absolutely needs; and is booting from a clean, static, image every time(with all changes discarded after any data generated during the session are moved elsewhere) you are a great deal safer.
Why would anyone use Windows for a real-time critical application? There are small real-time OS's designed just for such applications.
[Insert pithy quote here]
I see what you did here, tehehehe
Stupidity is an equal opportunity striker.
Fellow slashdotter Bill Dog
When I had LASIK back in, oh, 2011, the computer that controlled the laser was running Windows 95 (I'm not kidding, at all).
"Merge investigated the issue and later reported to the FDA that the problem occurred because of the antivirus software running on the doctors' computer. "
I seriously doubt the computer was owned by the doctor. More than likely, it was procured, set up and managed by a team of IT specialist at the hospital/clinic who know little to nothing about the software that might be running on it. Likewise, if the company supplying the software isn't providing a dedicated, hardened box to run the software on, they share the blame as well. Or, I have seen dedicated boxes with all kinds of crap loaded on them by operators who had no clue what the consequences might be. The bottom line here is that maybe computers should be kept out of the operating room. Or maybe doctors shouldn't be allowed to use them.
Kind of like a rectum exam to look for an enlarged prostate... Most men will die with prostate cancer than from it... No quack is pulling out a kernel of corn from my arse just to look for something that will most probably go to the grave with me. Unless she's a hot nurse, in that case she can finger bash my rim
If the patient was a typical politician, maybe this was actually a divide by zero error?
Really?
Why anyone would put anti virus software on a computer that is isolated from the net, has likely all USB ports disabled etc. is beyond me.
Make the damn boot drive read only, put the data on a different drive/partition ... then you can even keep USB and DVD reader/writer accessible.
Just don't put a windows PC into any network unless you really knwo what you do.
Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
. ,even though it wasn't?), and that being able to use their knowledge of Windows is a benefit that will make their system better.
It is easy to fall for the siren-song hype from the marketeers that the general purpose operating system is up to the task (remember Microsoft's marketing push that Windows CE was a real-time operating system
Whether it is a weather application being used on live television, or a computer being used in an operating room, Microsoft has shown that Windows is not a proper steward of serious systems programming.
It didn't try to update to Windows 10 in the middle of the procedure!!!!
I swear there has to be an international body that can declare Windows as a virus that must be eliminated from the planet before humanity can move forward.
If telephones are outlawed, then only outlaws will have telephones.
Whatever happened to a simple audio log? We've got recorders that encode directly to MP3. Just make the recording and copy it into patient files after the end of procedure.
This 'do everything with a computer' mentality is exactly why we have these nonsensical issues happening in the first place.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
O M G.. Can you imagine if windows update and antivirus ran at the same time? The world would explode!
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
I used to work for a company that built ophthalmic ultrasound machines. It was Windows based (unfortunately). IT departments, being who they are, wanted to put things like antivirus on it. Then the doctors would complain that the MEDICAL INSTRUMENT wasn't performing as advertised. They send it in to us for 'repair'. We remove the shitty antivirus (and all the other crap that IT guys would install on it), then it works perfectly again. We return it.. and IT guys would screw it up again. Rinse, repeat, ad infinitum.
MEMO TO IT GUYS: Stop treating medical instruments like they're desktop computers! Find another solution, or AT LEAST be smart about how you're installing your junk on it, IT IS A MEDICAL INSTRUMENT, DAMNIT!
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
why are they using a general-purpose OS, supplied by a company that's known not to care about security (because it costs money and profit), for *life* saving mission-critical software? i don't understand.
I'm sure it was tested...badly. Looks like an epic fail of cGMP validation.
Scruting the inscrutable for over 50 years.
For equipment like this, it's pretty common that the PC does very little and an RTOS is probably not necessary. Anything important or real-time is done on the equipment itself and the PC is just a dummy terminal. If the PC goes haywire, a watchdog timer probably puts the system into a safe state. I think that's why it's so common to use Windows.
I'm not saying it's right. In fact, it's all the more reason to use as simple and streamlined OS as possible. Something like a customized RHEL that only has enough installed to run QT.
What that says to me is that the manufacturer knew about the problem and shipped it anyway. The usual and customary practice with Windows systems, especially older versions, is to install anti-virus. On critical systems, anti-virus would be considered best practice and not installing AV could be considered reckless. The manufacturer knew that protecting the machine in the ordinary manner would endanger patients and they did nothing to either alleviate the danger (don't CRASH just because an AV scan is running) or prevent it (don't provide administrator access to the OS on a surgical device).
At some point, the developers of computers that are used in critical situations (medical operations, battleships, etc) will soon realize that it is to the detriment of their end users to use a general purpose operating system for systems.
It doesn't matter; the developers have no input about the OS to be used. That decision is made by management.
Who in their right mind designs life-critical systems around off the shelf operating systems like Windows? There's a reason aircraft computer systems are custom and highly redundant. Medical equipment of this caliber is no different.
What company produced this system? Their accreditation should be revoked.
~Any apparent grammatical or typographic errors are caused by defects in your display device.
Name a browser that hasn't had a vulnerability that can be used to install malware (Hint: even Lynx as had them)
Too expensive. Medical equipment already comes with an often insane price-tag.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
And who is going to know how to do this? You think the guy doing heart procedures knows how to configure the antivirus to that degree, or that the guy setting up the antivirus knows where the heart dude's proprietary software is saving the data files?
Hell, even as a SysAdmin I don't always know 100% what my software is doing in the background and can't account for the crazy shit my AntiVirus has done.
Not only that, but what's the point of having an antivirus if it's not scanning the locations most likely to to be changing. I'm assuming that "vulnerable files" means the OS in this case, but if those are infected your system is already owned and the first thing any good virus does is break the AV...
>
Whether it is a weather application being used on live television, or a computer being used in an operating room, Microsoft has shown that Windows is not a proper steward of serious systems programming.
Heh. Go to any major airport with nice big screen monitors showing flight information and some percentage of them will have Windows dialogue box on them informing you of some problem...
I'm a consultant - I convert gibberish into cash-flow.
In my experience, a design-flaw this fundamental is due to coders that do not understand system administration and networking and have no clue about the failure-modes to be expected. Quite common these days.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
It found a human virus?
Website Just Down For Me? Find out
Now doctors will need full local admin rights + app admin rights to turn off anything that may get in there way. In some settings (more likely with poor IT in place) may even need domain admin rights so they can over ride / block GPO's.
Granted if I were to design a medical device I would probably just use a stripped down version of Linux that just does what it needs to do.
Windows, OS X, and Linux with a full distribution on such a device is adding extra complexity where it isn't needed.
That is why a lot of these devices are still running off of DOS.
The coded application should be the star of the device not the OS which had to be configured to get out of the way,
Such a device should only have port 22 for Administration and updates, and whatever port needed to receive HL7. A Virus shouldn't have any clear path into such a device as it should be locked down.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Further to this, why do they need a Virus Scan anyway? What is a device like this doing connected to the Internet or even their Internal network?
not to install any software on it = no updates and that is bad as well when they get hacked with something that was fixed months ago in an os update.
How about not being online? At the cost we pay why should the system need to link to some E-doctor in el salvador?
The surgeons should be happy and thankful for these automatic anti virus scans done by these machines. Come on, people, there is a patient on the gurney with chest cavity open, exposed to all sorts of pathogens in the atmosphere. Fungus spores, pollen, bacteria, virus all sorts of things want to get into the body and wreak havoc. It is a good thing, there are machines to do real time anti-virus scans. People complaining about it, being smug and superior over Microsoft, what the hell?!
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
I too am looking forward to the days where people can .... read the details of what happened and stop blaming the underlying OS for a poorly coded program connected to a poorly coded device.
I actually wish that this computer ran Linux. Then maybe we could have a proper discussion about the coding processes used in this specific application rather than the frothing at the mouth while ranting about Windows that every modded up Slashdot post here has become.
But sure carry on writing in bold without having a clue what you're talking about
The "need" for antivirus can be greatly diminished if these hosts are simply isolated properly.
If they want it on the domain for manageability, fine. Allow Kerberos/LDAPS/CIFS to domain controllers and Kerberos/CIFS to a file server for data transfer. Run antivirus on the file server.
Block everything else if you can, but make absolutely sure to deny HTTP and SMTP.
Put the damn things on their own subnet and enforce the restrictions via network ACLs so even the "clever" users can't disable it.
Medical and industrial equipment vendors have zero interest in making sure their tools work properly on a normal enterprise workstation. So give them their little sandbox, and keep them as far away from the business network as possible.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
complete fucking insanity is why IoT needs to be stopped. Here's a fucking crazy thought: don't connect complex medical equipment that is involved in keeping people alive during medical procedures to the internet at all. Ever. Under any circumstances. Use AV to pre-screen shit before you install it. While I'm on the table in a hospital in Canada, cut wide open, I am pretty damn sure no one in Finland needs to know what's up with the machine monitoring my heart. And I know my doctor doesn't need to be looking for kitten videos. Jesus Fuck when will these people get a damn clue?! THIS SHIT is why I don't want a self-driving car; it's not because I don't like the idea, it's because I don't trust an auto maker to get it right. They might be flawless for some time, and then... then some fucking moron is going to push an on-air update while I'm up in the mountains with no guardrail and off I go. Let's leave the internet to the stuff that can't kill us, PLEASE.
Who the fuck uses a non-embedded version of Windows in a fucking invasive medical device *anyway*? It's almost absurd. I use embedded windows in several hard-realtime control systems with 250us cycle times (hard deadlines: you're late and and some expensive metal chunks crash into each other), and it works just fine... Someone dun goofed big time. These systems use built-in firewalls, are not updated willy-nilly, run only necessary services, and the software load is considered to be like firmware: no user and no IT department can mess with it. The OS and our software is running off read-only media anyway, and writable overlay is on a battery-backed, crash-surviving ram disk. This shouldn't be any different in a catheterization system. Once the procedure is done and the data synced with central server, the ram disk should be reset.
A successful API design takes a mixture of software design and pedagogy.
"the whole incident was nothing more than an oversight on the medical unit's side"
What if the unit had started to record erroneous date in the middle of the operation, would that also make an oversight on the medical unit's side. seriously, what the fuck is Windows even doing in an Operating Theater.
Never thought I would get to say that on /.! I work in a hospital and set up PCs for Cath-lab, surgical anesthesia monitors and stuff all the time. As far as this goes the hospital usually just buy the seats (or whatever) for the software and you install it. All the software like this comes with explicit and unambiguous instructions for directory and file type exclusions. Right or wrong, the software will run fine if this is done correctly - it will crash if it is not. First, all the posters are right, windows is crap and shouldn't be used. But it is chicken and egg - the hospitals buy it because that is what all the vendors write their apps for, and the vendors code for Windows because that is what hospitals buy. I am stuck with it. There are a few vendors that run Linux end-to-end, but it is rare.
Finally, I have proof for the PHB's that McAfee kills!
Table-ized A.I.
Running Antivirus or any other unneeded software on a critical medical computer is Wrong.
Connecting a critical medical computer to any network, that would make Antivirus necessary, is Wrong.
Having the Medical software crash because it could not access data is Wrong.
"If Engineers built buildings the way Programmers write programs, the first woodpecker that came along would destroy civilization!"
Beware, it is not going to be long before companys, and even individuals, will be sued for things like this. It already happens in other fields.
the app...
An app? So it was running on a mobile phone? or tablet
... crashed spectacularly
The crash was spectacular... so how was it different or spectacular? In what way was this so much more special than a regular program crash?