Wait for it...
Windows 10 nagware incident to follow. Now back to the studio.
A user or reseller who couldn't be bothered configuring their antivirus properly has hit the headlines for interrupting doctors trying to insert a vascular catheter into a patient. As the FDA's Adverse Event Report says, an hourly malware scan stalled a Merge Healthcare Hemo unit, which collects patient vital signs, displays …
I made a comment about this recently. The difference in the two scenarios is that the one reported here could be averted by RTFM. With Windows 7/Windows 10 updating, is there even an FM to RT? Manufacturers will hide behind Ts&Cs saying that their software is not guaranteed to work in mission-critical situations, in which case that cuts a very large chunk out of MS's revenue stream (ATMs, medical equipment, real-time financial reporting, etc., without even mentioning the IoT).
but thanks to the ubiquity of Windows PCs it probably is after all. If a just divinity with a keen sense of irony rules the universe then I'll be gasping my last while the surgeon attempts to dismiss the 512 stacked modal alerts that all read "WM_USER + 100 already registered!!! - wtf!? Tell MONGO you saw this debug!!!"
>> Clean up your filthy code. For fucks' sake have some pride.
Damn it, that IS pride :D This is MY debug message so fuck the lot of you :P I respect coding like that. So much more challenging to work with, and therefore creates more bookable hours.
So your life is in their hands and their instruments are now in the hands of the likes of you and me.
General purpose, PHB managed, IT isn't ready for this sort of thing, not by a long shot. This is the sort of system where risk management comes first and way before you even need to worry about AV because the bloody thing isn't wired up to the internet FFS.
God forfend that DevOps has leeched onto medicine now. (PI)
Before I got the hell out of the industry, it was common for hospital IT departments to demand to install AV on platforms. When installed by Derek from IT, they would usually break the operating software as the AV scanned newly created images. I once had a few days' work setting up an instrument flushed like that. This isn't a new problem, and it doesn't help that each hospital trust has its own way of doing things and its own workarounds. Which leads to the text file full of login details problem.
Then hospitals began to demand operating system updates and so on for systems developed twenty-odd years ago. Of course the problem was that the platforms were running on Windows NT, and that the entire development team had retired or been fired years ago.
Why were they connected to the Internet at all? 24 hour remote support in case the systems went down. In any case hospitals were always awash with malware anyway. Too many IT illiterati doctors with thumb drives.
Since the average medico's expertise probably doesn't include antivirus installation and configuration,
The surgeon is ipso facto likely to be the smartest person around and therefore probably the one who knows most about computers.
When I went to my dentist last week the practice computer was down and the receptionists didn't have a clue, so it was up to the dentist himself to fix it.
Of course surgeons and dentists should be spending their expensive time fixing people not computers.
"The surgeon is ipso facto likely to be the smartest person around and therefore probably the one who knows most about ..."
Most of these people are very specialised and know a lot about a fairly limited problem space. Dentists know how to make a fortune out of 32 teeth but I would not bet on them knowing what to do when the lid comes off the computer, or when the bonnet of a modern car is lifted (which is pretty much the same thing nowadays).
They are highly specialised, this does not equate to smart. For example, New Zealander Nigel Richards is the current (I think) French Scrabble champion, he does not speak French (see http://www.theguardian.com/lifeandstyle/2015/jul/21/new-french-scrabble-champion-nigel-richards-doesnt-speak-french ) but he does have a very good memory and really knows how to play Scrabble. Many of the med students I knew going through Uni reckoned that all you needed for medicine was the ability to memorise a telephone directory :-)
"The surgeon is ipso facto likely to be the smartest person around..."
I've spent many years in IT consulting, primarily servicing legal and financial offices.
I can assure you, without a doubt, that there is absolutely no correlation between intelligence, common sense, or technical know-how.
Perhaps it's different in the medical industry, but in my experience, outside of their areas of expertise, lawyers and money managers are among the most clueless people on earth. I usually have an easier time explaining things to their receptionists.
The surgeon is ipso facto likely to be the smartest person around and therefore probably the one who knows most about computers.
That most certainly doesn't mesh with my experience.
The surgeon is likely to be the one who believes he knows most about computers, reality notwithstanding...
Vic.
Been there, seen that, and am not confident in the remedy proposed.
Me and a colleague not that long ago worked on some time-critical (but not directly safety-critical) data acquisition software which the IT department insisted had to run on a Windows box with corporate AV (no configuration options available).
The data came in via (high speed) serial links, and some of the incoming data contained its own embedded timestamps which were trustworthy.
There was no guarantee that the incoming data would *always* contain such a timestamp, so the logging program also had to add its own timestamp as the data arrived. Plus the incoming timestamps were relative (x ms since time 0), rather than absolute (2016.05.04:03:02:01.00), whereas later analysis would need the *absolute* time corresponding with the data.
Four channels' worth of data arriving at around 500kb/s total was stored in a temporary file per channel.
Analysis of the behaviour of the system when it was and wasn't running an AV scan showed that although data wasn't generally subject to much delay when the AV wasn't running, when the AV was running, there could be several minutes' worth of delay between serial data arriving in the box and serial data arriving in the application, presumably because of the system-wide workload causing incoming data (which was supposedly handled in a high-priority thread) to queue up massively before being read by the application and written to disk. Occasionally some data would get lost altogether.
In summary: the problem wasn't the AV handling of the individual files in question, it was the AV impact on the total system workload.
I imagine patching and rebooting would also have been problematic as well.
The issue here isn't the AV software as such, it is the blind adherence to its use in an incompatible environment.
There are other ways to mitigate the risks, such as isolation and tight network controls, so it's all solvable.
"There are other ways to mitigate the risks, such as isolation and tight network controls, so it's all solvable."
Well yes, but that would assume that there is at least one person in that entire hospital who has any clue about what he's supposed to be doing. A ludicrous assumption if I ever saw one...
Forget the idea of whether it should have been installed or not, or if it was scanning too much, why would an AV scanner bring its host system to its knees? Forget the idea that a clueful techie might be available.
Surely the AV software designer would make it run as a low priority process?
A low priority process can bring a system to its knees by getting a lock on a resource that is required by other processes and not letting go of it because it's low priority and not given much processor time.
While there are ways to reduce the impact, making it go away completely is non-trivial, as is this problem.
Blame the antivirus reseller, really. The real issue here is why in the twenty-first century, a 'computer' still needs AV and what this unnameable computer operating system is even doing in an Operating Theatre.
“there was a delay of about 5 minutes while the patient was sedated so that the application could be rebooted”
Jesus tap.dancing Christ on roller skates !!!
The key thing about any medical device is the intended use and based on that the risk analysis and management.
In the risk management file what was identified as the consequences for a software failure?
Was it assumed that the procedure could continue successfully without the device operating or with the device providing incorrect information?
I suspect that a failure of the software was not identified as possible to cause a serious injury because if it had then the choice of Windows as an OS and an architecture where a single failure could cause a system failure would not be appropriate. In Europe this is probably a class IIb device because it monitors vital physiological processes which means that the design would be checked by an independent body before it could be CE marked.
The only potential concern to me is if the actual usage in this incident suggests that the product risk analysis was not correct. If the consequences of this failure were in line with the risk analysis then there is nothing of any concern here.
Bit off topic, but this reminded me of a joke my GP told me the other day (it's about orthopaedists really, but what the hell):
A good orthopaedist, a bad orthopaedist, a surgeon and radiologist are stood at the starting line of a 100 m track. At the finish line lies a bag with 50,000 EUR in cash. They are told that in order to get the cash, they will have to compete in a 100 m sprint. Whoever wins, gets the cash.
Who will get the cash? The bad orthopaedist, obviously. Why?
The radiologist wouldn't run a hundred meters and bend down to pick up a mere 50k.
The surgeon won't understand what he's supposed to do.
And there are no good orthopaedists.