Slashdot Mirror

← Back to Stories (view on slashdot.org)

Medical Equipment Crashes During Heart Procedure Because Of Antivirus Scan (softpedia.com)

Posted by BeauHD on from the Windows-10-Update dept.

An anonymous reader quotes a report from Softpedia: The device in question is Merge Hemo, a complex medical equipment used to supervise heart catheterization procedures, during which doctors insert a catheter inside blood veins and arteries in order to diagnose various types of heart diseases. According to one such report filed by Merge Healthcare in February, Merge Hemo suffered a mysterious crash right in the middle of a heart procedure when the screen went black and doctors had to reboot their computer. Merge investigated the issue and later reported to the FDA that the problem occurred because of the antivirus software running on the doctors' computer. The antivirus was configured to scan for viruses every hour, and the scan started right in the middle of the procedure. Merge says the antivirus froze access to crucial data acquired during the heart catheterization. Unable to access real-time data, the app crashed spectacularly.

46 of 266 comments (clear)

  1. No problem by NotDrWho · · Score: 4, Funny

    Our antivirus is completely up to da

    Upgrading to Windows 10......

    --
    SJW's don't eliminate discrimination. They just expropriate it for themselves.
    1. Re:No problem by Anonymous Coward · · Score: 3, Insightful

      Many(most) Hospitals and medical centers are still stuck on Windows XP, there's no upgrading to Windows 10.

    2. Re:No problem by xSauronx · · Score: 2

      seriously. hospital IT has to lag way behind, often because vendor software doesnt support newer OS versions. I know a medical center that has thousands of desktops and only started rolling out windows 7 last year.

      I was an intern there 5 years ago, and i was on the team that was deploying XP SP2 [yes, 2, not a typo] at the time.

      many of their software vendors are the frickin worst.

      there were some scanner pcs, like for x-rays or MRIs or something, i don tknow what, that ran Windows NT or Win2k--i would not be surprised if some of them were still there.

      --
      By and large, language is a tool for concealing the truth. -- George Carlin
    3. Re:No problem by some+old+guy · · Score: 4, Interesting

      Having worked in biochem, it's not the hardware vendors causing the lag, it's the FDA-mandated cGMP validation and certification process that takes for.fucking.ever and has to be repeated for every tiny little change. Yes, it helps ensure quality and consistency, but it is painfully slow and discourages change, however desirable.

      --
      Scruting the inscrutable for over 50 years.
    4. Re:No problem by mrchaotica · · Score: 2, Insightful

      The only sane way to develop such a thing would be for the vendor to be responsible for the entire software stack from the firmware on up. This sort of stuff should never be built on Windows in the first place!

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    5. Re:No problem by St.Creed · · Score: 2

      I really can't tell if you're joking or not. I guess you are, since you are very far from reality.

      If you did mean this to be taken serious, I'd like to see you give a cost estimate for building a "hello world"-app as per your proposal.

      --
      Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
    6. Re:No problem by jbmartin6 · · Score: 2
      Not correct. I know medical vendors like to use this as an excuse. But the FDA continues to state that software does not need to be recertified except in cases of major changes to the functionality. The manufacturer is still responsible for quality testing however.

      Ordinarily, FDA will not need to review software patches before a device manufacturer puts them in place. FDA views most software patches as design changes that manufacturers can make without prior discussion with FDA. ......For example, manufacturers need to seek FDA's approval or clearance before installing a software patch if it would change who it’s for, what it does, or how it works (a change in the indication for use), and/or it would make the device less safe and effective.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    7. Re:No problem by Darinbob · · Score: 2

      Because Windows is designed at every stage to be a general purpose computer. It is marketed primarily to corporate and home users. But these are specialized machines. They may not have a UI that conforms to any Windows standard, there is absolutely no need for a "desktop", they're always turn-key systems. Windows brings no advantages to the system unless it's as a display platform, in which case you separate the Windows machine from the medical machine and have them be independent (ie, take X-rays from one machine, send the images to a database, then the Windows machine can browse and display the images without screwing up the medical machine). If there is nothing whatsoever in the system that needs Windows then it's stupid to use Windows as the base. If you need tasks then use an RTOS.

    8. Re:No problem by thegarbz · · Score: 2

      But these are specialized machines. They may not have a UI that conforms to any Windows standard, there is absolutely no need for a "desktop", they're always turn-key systems. Windows brings no advantages to the system unless it's as a display platform, in which case you separate the Windows machine from the medical machine and have them be independent

      Indeed, and this was the case here. The equipment itself didn't run windows, it did it's stuff and sent data to monitoring / logging software on windows via a serial link. The display and monitoring software was what froze. But more interestingly it froze entirely because someone didn't RTFM when they setup the machine.

      Idiots and crappy programmers are OS agnostic.

  2. RT OS for Reatime tasks by Anonymous Coward · · Score: 5, Insightful

    Picking an OS that clear says not use it for real time possible life endangering task is a huge mistake!! QNX, RT_Linux, and more!!! Hello!!!

    1. Re:RT OS for Reatime tasks by DarkOx · · Score: 4, Insightful

      I have often wondered about this. Does Microsoft sell Windows license with a EULAs that don't contain prohibitions for uses cases like these?

      The Microsoft software was designed for systems that do not require fail-safe performance. You may not use the Microsoft software in any device or system in which a malfunction of the software would result in foreseeable risk of injury or death to any person.

      In most other engineering professions if you picked a component specifically labeled and sold as not fit for use case you'd be taking on all kinds of liability. Can you imagine if an architect decided to build a parking deck and spec'd concrete be mixed from a cement product labeled "not for structural use?"

      I can hear the lawyers salivating at the very idea. Yet Windows is used in off label ways seemingly all the time.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    2. Re:RT OS for Reatime tasks by DarkOx · · Score: 2

      I don't know, I mean IANAHS (I am not a heart surgeon) but it seems to me that we are using all kinds of imaging equipment to do things like laparoscopic surgeries that we could not have done before. This isn't like the lane departure warning sensor in your car failing, where you can just drive like you always used to do. Its seems very possible that the loss of imaging equipment in the OR mid surgery could throw the entire plan off in away that very well could endanger the patients life.

      Even monitoring equipment: Is a modern anesthesiologist prepared to wait for nurse to have to count out a pulse in the middle of a procedure that was supposed to be done with technical assistance?

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    3. Re:RT OS for Reatime tasks by peragrin · · Score: 2

      Except the camera is how they see. You should look up the procedures for heart catjorization and how they put in stints. It is scary if you go blind at the wrong time.

      --
      i thought once I was found, but it was only a dream.
    4. Re:RT OS for Reatime tasks by alantus · · Score: 2

      Nobody just don't care before it's their precious mommy that is going because of it.

      Ain't nobody got time for that.

    5. Re:RT OS for Reatime tasks by worf_mo · · Score: 4, Funny

      What's a PTB?

      Pointy-tailed Boss

  3. Manufacturer Narrative from FDA report. by Anonymous Coward · · Score: 5, Informative

    Based upon the available information, the cause for the reported event was due to the customer not following instructions concerning the installation of anti-virus software; therefore, there is no indication that the reported event was related to product malfunction or defect. The product security recommendations, (b)(4), explicitly state, "the intent of these guidelines is to configure the anti-virus software so that it does not affect clinical performance and uptime while still being effective. To accomplish this, the anti-virus software needs to be configured to scan only the potentially vulnerable files on the system, while skipping the medical images and patient data files. Our experience has shown that improper configuration of anti-virus software can have adverse affects including downtime and clinically unusable performance. ".

    1. Re:Manufacturer Narrative from FDA report. by Anonymous Coward · · Score: 2, Insightful

      Which completes excuses the unhandled exception in the product that they clearly knew about, or they wouldn't have so explicitly worded the instructions. I see the manufacturer failed to learn the lessons from the Therac-25.

      Any system that requires humans to follow instructions that they read once a long time ago, but must follow exactly on a rarely performed task is an accident waiting to happen.

    2. Re:Manufacturer Narrative from FDA report. by Ol+Olsoc · · Score: 2

      Based upon the available information, the cause for the reported event was due to the customer not following instructions concerning the installation of anti-virus software; therefore, there is no indication that the reported event was related to product malfunction or defect.

      Fact is, this is exactly what you are going to get when using a Windows based system. You assume at the beginning that all problems are your fault, and that you must anticipate everything.

      Based upon experience, they were also at fault because they were using Windows. Never at fault is the Windows operating system.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    3. Re:Manufacturer Narrative from FDA report. by l0n3s0m3phr34k · · Score: 2

      And running a scan EVERY HOUR seems overkill, not to throw puns around. These devices shouldn't even have real internet access, nor should they be accessed for anything that they need 24 virus scans run on them every day.With the speeds I've seen most scanners run at, it seems to me that this machine would be spending at least 25% of it's time running one of it's 8,760 yearly scans.

  4. Don't use windows for this by HalAtWork · · Score: 2

    Use some dedicated hardware with a custom software system with only components designed for the purpose of the machine and nothing else. Harden and sanity check the hell out of the I/O and connect THAT to your idiot box.

    --
    Twinstiq, game news
  5. So was this out of spec? by GIL_Dude · · Score: 4, Insightful

    This is interesting; the configuration on a device like this should be highly controlled. I have no experience with medical devices, but I know that process control equipment generally has vendor approved configuration (and often they only certify one AV vendor so even if our corporate contract is with vendor A, we have to use vendor B for the process control stuff because that is what is certified by the control system vendor. They also have very specific settings you have to use. Failure to follow the settings could result in lack of process control at a critical time. It seems medical stuff must be under similar (if not even more restrictive) configuration control. Having AV do a "scan" every hour is very stupid since any competent AV is doing on-access scanning anyway. I would expect the vendor for the software has specified folders / files / etc. that must be exempted from the scan as well (vendors for process stuff such as Yokogawa, etc. specify that). Seems to be a configuration failure on the part of the facility.

    1. Re:So was this out of spec? by jfdavis668 · · Score: 5, Informative

      The device was hooked via a serial cable to a PC to record the logs during the procedure. The PC antivirus ran, and locked the log file to scan it, causing the medical device to crash. Yes, that is a very bad way to design a machine.

    2. Re:So was this out of spec? by Anonymous Coward · · Score: 4, Insightful

      oblig:
      https://xkcd.com/463/

      Clearly, someone is doing their job horribly wrong.

  6. Re:Windows 10 update will kill human beings by mlw4428 · · Score: 3, Insightful

    For what? This was an antivirus scan and the report itself doesn't mention an OS. Furthermore, this crash brought down the whole system. If developers are writing their software to utilize drivers, they ought to make sure those drivers aren't so buggy that the mere stopping of data will tank the entire system...especially a system that should be as close to "bulletproof" as bulletproof can be in the technological sense of the word.

  7. Scanning for viruses during heart surgery by ZipK · · Score: 4, Funny

    It just writes itself.

  8. Sometimes 'antivirus' is a warning sign... by fuzzyfuzzyfungus · · Score: 4, Interesting

    Antivirus systems aren't useless(I wouldn't trust their 'disinfection'; but they at least catch people reusing obsolete exploits and sometimes provide warnings that something is amiss); but this is one of those situations where hearing that antivirus software is running is a giant red flag: it usually means that a full-fat desktop/server OS with a network connection and who-knows-what-else running on it is doing the job of a dedicated computer. Quite probably being allowed to retain state over time except for the ever so occasional re-imaging. That just isn't going to go well. Even if your application needs full Windows whatever for some reason, there are plenty of ways to keep it on a much tighter leash than just shoving a desktop at the problem and hoping Norton can save you. If a system is contained by the network so that it can only talk to the external hosts it absolutely needs; and is booting from a clean, static, image every time(with all changes discarded after any data generated during the session are moved elsewhere) you are a great deal safer.

  9. Seriously? by rlp · · Score: 2

    Why would anyone use Windows for a real-time critical application? There are small real-time OS's designed just for such applications.

    --
    [Insert pithy quote here]
    1. Re:Seriously? by jfdavis668 · · Score: 5, Informative

      The machine didn't use Windows. It was hooked to a PC to record the logs during the procedure so the doctor could review them later. The AV software locked the log to perform the scan, and the medical device crashed. They had to reboot the PC to keep working.

    2. Re:Seriously? by gweihir · · Score: 2

      What kind of messed-up device. This has been solved for ages. First, if the logs are critical, make a local copy. And second, if you send them off, use UDP so that network failures or failure of the remote logger does not block anything on the local machine. You know, like rsyslogd. But I guess this is just another example of cheaper-than-possible "programmers" at work, the kind that does not understand system administration or networking.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  10. Re:Windows 10 update will kill human beings by Ol+Olsoc · · Score: 4, Funny

    For what? This was an antivirus scan and the report itself doesn't mention an OS. Furthermore, this crash brought down the whole system. If developers are writing their software to utilize drivers, they ought to make sure those drivers aren't so buggy that the mere stopping of data will tank the entire system...especially a system that should be as close to "bulletproof" as bulletproof can be in the technological sense of the word.

    Windows can never fail - only we can fail Windows.

    And Bulletproof and Windows never belong in the same sentence.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  11. Doctor's Computer? Really? by unixcorn · · Score: 3, Insightful

    "Merge investigated the issue and later reported to the FDA that the problem occurred because of the antivirus software running on the doctors' computer. "
    I seriously doubt the computer was owned by the doctor. More than likely, it was procured, set up and managed by a team of IT specialist at the hospital/clinic who know little to nothing about the software that might be running on it. Likewise, if the company supplying the software isn't providing a dedicated, hardened box to run the software on, they share the blame as well. Or, I have seen dedicated boxes with all kinds of crap loaded on them by operators who had no clue what the consequences might be. The bottom line here is that maybe computers should be kept out of the operating room. Or maybe doctors shouldn't be allowed to use them.

  12. Re:Windows 10 update will kill human beings by Anonymous Coward · · Score: 3, Insightful

    There is no need to mention an OS - the only system that such problems with viruses is Windows, and the only OS that embeds a virus scan in the kernel IS windows. No other OS locks data like that.

    "as close to "bulletproof" as bulletproof can be"

    Certainly leaves out using Windows.

  13. General purpose OS not suitable for critical use by QuietLagoon · · Score: 4, Interesting
    At some point, the developers of computers that are used in critical situations (medical operations, battleships, etc) will soon realize that it is to the detriment of their end users to use a general purpose operating system for systems.

    .
    It is easy to fall for the siren-song hype from the marketeers that the general purpose operating system is up to the task (remember Microsoft's marketing push that Windows CE was a real-time operating system ,even though it wasn't?), and that being able to use their knowledge of Windows is a benefit that will make their system better.

    Whether it is a weather application being used on live television, or a computer being used in an operating room, Microsoft has shown that Windows is not a proper steward of serious systems programming.

  14. Re:Windows 10 update will kill human beings by mlw4428 · · Score: 2, Insightful

    Why can't we use bulletproof and Windows in the same sentence? According to the report it was the AV scanner that caused the application to crash. The PC was then required to be rebooted for the application to start working correctly. Arguably the client software is at fault for not being able to recover from a situation where "communications" get lost. In this case, it didn't sound like the Windows system had any issue. Furthermore, I have experienced many Windows servers who are happy to sit in a corner and chug away for years without issues. Does Windows have its flaws? Sure, but so does any other operating system - and in general I don't find Windows to be so unstable these days. It's usually 3rd party software, written to use higher level privileges than it really needs, to take down Windows. But any poorly written, high privilege software can take down any OS.

  15. Damnit, it is a MEDICAL INSTRUMENT! by kheldan · · Score: 3, Interesting

    I used to work for a company that built ophthalmic ultrasound machines. It was Windows based (unfortunately). IT departments, being who they are, wanted to put things like antivirus on it. Then the doctors would complain that the MEDICAL INSTRUMENT wasn't performing as advertised. They send it in to us for 'repair'. We remove the shitty antivirus (and all the other crap that IT guys would install on it), then it works perfectly again. We return it.. and IT guys would screw it up again. Rinse, repeat, ad infinitum.

    MEMO TO IT GUYS: Stop treating medical instruments like they're desktop computers! Find another solution, or AT LEAST be smart about how you're installing your junk on it, IT IS A MEDICAL INSTRUMENT, DAMNIT!

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    1. Re:Damnit, it is a MEDICAL INSTRUMENT! by gweihir · · Score: 4, Interesting

      The stupidity of some IT people is staggering. We had one case where they put AV on a highly isolated system and then had to compromise its isolation to allow over-the-net updates. When we told them that the system was not isolated anymore and that at the very least the AV vendor could now attack them over the network, they did not even understand what we were talking about. They mumbled something about "all machines must have AV".

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:Damnit, it is a MEDICAL INSTRUMENT! by kheldan · · Score: 2

      They mumbled something about "all machines must have AV".

      That's pretty much the long and the short of it, yes. They don't seem to understand that it's primary function is as a medical instrument, and that compromising that may compromise the health or even the life of a human being. I'm surprised the FDA doesn't get more involved in things like this, since there is extensive testing of any medical instrument before it is allowed to be sold in the U.S., and especially so in the case of anything computerized. Of course I've always thought it was absurd that any medical instrument (or measuring instrument -- Tektronix oscilliscopes run Windows!) would have any version of Windows running on them, too. Most would be better off running Linux tailored for the specific application, which would also more or less preclude the possibility of virus or malware infection in the first place.

      --
      Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    3. Re:Damnit, it is a MEDICAL INSTRUMENT! by gweihir · · Score: 2

      Read my sig

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  16. Re:Windows 10 update will kill human beings by Opportunist · · Score: 4, Insightful

    IIRC the EULA of every Windows version so far said that the OS must not be used in life-or-death critical operations.

    Not that it isn't used in, say, nuclear plants (which are explicitly cited in the EULA, btw), but if you use something that is clearly not good enough for the job, and even tells you that it's too crappy for important tasks, well, you can't really complain, can you?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  17. Re:Windows 10 update will kill human beings by Anonymous Coward · · Score: 3, Insightful

    This is what I don't get. Why the hell is AV software running on a realtime apparatus?

    1: If AV software is needed for legal eagle reasons, code a scanner for embedded use that runs -only- when the machine is offline and not doing anything. When the switch to online it is flipped, any scans and such get stopped immediately.

    2: A medical machine should be air-gapped anyway, with firmware updates done via files on a signed SD card. There should never be a vector for introducing malware onto a machine without physical access.

    3: Have the designers even done testing where the AV software (or even worse, GWX) fires up during a procedure? This is basic Q&A here, and for the astronomical cost of medical equipment, should be assumed that this was done.

    From TFA, I'd lay the blame of this at the feet of the device maker. They need to use a real OS, or at least ensure that there is no state their environment can get into that can cause this.

  18. Re:Windows 10 update will kill human beings by Jawnn · · Score: 2

    Why can't we use bulletproof and Windows in the same sentence? According to the report it was the AV scanner that caused the application to crash. The PC was then required to be rebooted for the application to start working correctly. Arguably the client software is at fault for not being able to recover from a situation where "communications" get lost.

    It is not reasonable to single out the OS, the AV software, or the application. The three were combined, along with some specialized hardware as a system with an arguably life-or-death role in the OR. This was a bad choice, for all the reasons previously stated. If you're going to place the system in a role as critical as heart surgery, far more serious attention should have been paid to it's availability and reliability. Yes, the AV scan disrupted things, the OS had no way to know that the application software is as important as it was, the application software failed spectacularly when the expected resources weren't available, etc. The big fail was the decision to place a patient's life in the hands of that rickety and untested system.

  19. Re:Windows 10 update will kill human beings by LVSlushdat · · Score: 2

    If this machine running an AV is so intimately tied to a medical procedure having to do with the human heart, I hope to God its not also on the internet and is a standalone machine. As a standalone machine, I don't see any reason for any AV beyond perhaps a scanner if/when a USB drive is inserted. And since the machine in question has an AV that so spectacularly crashed, I'm gonna go out on a limb and speculate it was running Windows.. (shudder)

    --
    THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
  20. Re:Windows 10 update will kill human beings by David_Hart · · Score: 3, Insightful

    This is what I don't get. Why the hell is AV software running on a realtime apparatus?

    1: If AV software is needed for legal eagle reasons, code a scanner for embedded use that runs -only- when the machine is offline and not doing anything. When the switch to online it is flipped, any scans and such get stopped immediately.

    2: A medical machine should be air-gapped anyway, with firmware updates done via files on a signed SD card. There should never be a vector for introducing malware onto a machine without physical access.

    3: Have the designers even done testing where the AV software (or even worse, GWX) fires up during a procedure? This is basic Q&A here, and for the astronomical cost of medical equipment, should be assumed that this was done.

    From TFA, I'd lay the blame of this at the feet of the device maker. They need to use a real OS, or at least ensure that there is no state their environment can get into that can cause this.

    The AV software wasn't running on the medical device, it was running on the Doctor's computer. The Doctor's computer has a software app that gathers data from the medical device and, it seems, that there is some requirement for the medical device to be able to read this data as well. Or perhaps the App has some command and control functions. Either way, the AV software ran, freezing up the app on the doctors computer and causing the medical device to crash.

    In my opinion, the hospital should have an air-gapped dedicated system for this instead of relying on the doctor's laptop.

  21. Re:Windows 10 update will kill human beings by srmalloy · · Score: 2

    From the connected article, the antivirus software on the doctors' PC was configured to run a scan hourly, and when it was scanning the application's folders, it froze access to the files in those folders. The application was designed to require real-time access to its data, and failed spectacularly when it was blocked, crashing the computer. Fortunately, the situation was not time-critical, and the doctors were able to take the time to reboot the computer and restart the application without endangering the patient. However, a future interaction of this type may not end so benignly.

    Ignoring the fact that the application was badly designed so that it didn't fail gracefully, Merge Healthcare's documentation for their product explains that the application requires real-time access to its data and recommends white-listing its folders to prevent an antivirus scanner from locking off access to the data. So the blame can be laid both at the feet of Merge Healthcare for building software that didn't fail gracefully and at the feet of the hospital for improperly configuring the virus scanner to prevent it from interfering with a real-time application.

  22. Re:Windows 10 update will kill human beings by thegarbz · · Score: 2

    Not that it isn't used in, say, nuclear plants

    It's not. There's not an industrial control system in existence nuclear or otherwise which runs it's control routines on a windows platform. They run on proprietary code embedded in control processors which happen to take input from a piece of software over the network which may be based on Windows. Should that piece of software (or the underlying OS) go down, nothing at all happens and the controllers happily keep controlling.

    Windows is nothing more than a TV remote control in this case. The TV doesn't magically change channel or turn off when the batteries in the remote die.

  23. Re:Windows 10 update will kill human beings by Darinbob · · Score: 3, Insightful

    Having a Windows based medical system is stupidity in itself. Even having an antivirus scan in embedded software is ridiculous, they should be stand alone devices, not dependent upon some apathetic home consumer company, not connected to the internet, etc. And yet so many developers are so amazingly uneducated and inexperienced that they think Windows is the perfect solution to everything, managers love Windows because they can hire so many cheap ass developers for it and mistakenly think they can save time this way. Maybe Windows is not the flaw, but the Windows mindset certainly is.