back to article Malware scan stalled misconfigured med software, mid-procedure

A user or reseller who couldn't be bothered configuring their antivirus properly has hit the headlines for interrupting doctors trying to insert a vascular catheter into a patient. As the FDA's Adverse Event Report says, an hourly malware scan stalled a Merge Healthcare Hemo unit, which collects patient vital signs, displays …

  1. Herby

    Wait for it...

    Windows 10 nagware incident to follow. Now back to the studio.

    1. Ken Moorhouse Silver badge

      Re: Wait for it...

      I made a comment about this recently. The difference in the two scenarios is that the one reported here could be averted by RTFM. With Windows 7/Windows 10 updating, is there even an FM to RT? Manufacturers will hide behind T's&C's saying that their software is not guaranteed to work in mission critical situations, in which case that cuts a very large chunk out of MS's revenue stream (ATM's, medical equipment, Real-Time financial reporting, etc., without even mentioning the IoT).

  2. Anonymous Coward
    Anonymous Coward

    I always felt relieved that my horrible code isn't in safety-critical systems

    but thanks to the ubiquity of Windows PCs it probably is after all. If a just divinity with a keen sense of irony rules the universe then I'll be gasping my last while the surgeon attempts to dismiss the 512 stacked modal alerts that all read "WM_USER + 100 already registered!!! - wtf!? Tell MONGO you saw this debug!!!"

    1. Ropewash
      Coffee/keyboard

      Re: I always felt relieved that my horrible code isn't in safety-critical systems

      You owe me a keyboard.

      Clean up your filthy code. For fucks' sake have some pride.

      1. FatGerman

        Re: I always felt relieved that my horrible code isn't in safety-critical systems

        >> Clean up your filthy code. For fucks' sake have some pride.

        Damn it, that IS pride :D This is MY debug message so fuck the lot of you :P I respect coding like that. So much more challenging to work with, and therefore creates more bookable hours.

  3. Anonymous Coward
    Windows

    Holy fuck

    So your life is in their hands and their instrument's are now in the hands of the likes of you and me.

    General purpose, PHB managed, IT isn't ready for this sort of thing, not by a long shot. This is the sort of system where risk management comes first and way before you even need to worry about AV because the bloody thing isn't wired up to the internet FFS.

    God forfend that DevOps has leeched onto medicine now. (PI)

    1. Mark 85

      Re: Holy fuck

      Do you know this for certain that has no Internet connection? From what I'm hearing and reading, too much of this stuff does have access if nothing else for "updates".

    2. Richard 12 Silver badge

      Re: Holy fuck

      I'm utterly stunned.

      Our users pay more attention to machine and network security, and the worst that could happen if they screw up is that somebody has an epileptic fit!

      Or it goes very, very dark.

  4. Anonymous Coward
    Anonymous Coward

    Reseller and IT dept

    knowledge and inclinations may be no more than the medics, actually.

    1. Mephistro
      Devil

      Re: Reseller and IT dept

      You mean, like earning tons of cash and playing golf?

      ;-)

      1. DropBear

        Re: Reseller and IT dept

        "You mean, like earning pocketing tons of cash without fear of any consequences whatsoever no matter what they screw up and how badly and playing golf?" TFTFY.

  5. Anonymous Coward
    Anonymous Coward

    Before I got the hell out of the industry, it was common for hospital IT departments to demand to install AV on platforms. When installed by Derek from IT, they would usually break the operating software as the AV scanned newly created images. I once had a few days work setting up an instrument flushed like that. This isn't a new problem, and it doesn't help that each hospital trust has its own way of doing things and its own work arounds. Which leads to the text file full of login details problem.

    Then hospitals began to demand operating system updates and so on for systems developed twenty odd years ago. Of course the problem was that the platforms were running on Windows NT, and that the entire development team had retired or been fired years ago.

    Why we're they connected to the Internet at all? 24 hour remote support in case the systems went down. In any case hospitals were always awash with malware anyway. Too many IT illiterati doctors with thumb drives.

    1. cbars Bronze badge
      Trollface

      don't worry about that!

      chmod 700 passwords.txt

  6. Dr Paul Taylor

    Medico's expertise

    Since the average medico's expertise probably doesn't include antivirus installation and configuration,

    The surgeon is ipso facto likely to be the smartest person around and therefore probably the one who knows most about computers.

    When I went to my dentist last week the practice computer was down and the receptionists didn't have a clue, so it was up to the dentist himself to fix it.

    Of course surgeons and dentists should be spending their expensive time fixing people not computers.

    1. Rich 11

      Re: Medico's expertise

      and therefore

      Really can't agree with this. Setting aside all formal knowledge, experience and opportunity are greater indicators than intelligence.

    2. Andrew Commons

      Re: Medico's expertise

      "The surgeon is ipso facto likely to be the smartest person around and therefore probably the one who knows most about ..."

      Most of these people are very specialised and know a lot about a fairly limited problem space. Dentists know how to make a fortune out of 32 teeth but I would not bet on them knowing what to do when the lid comes off the computer, or when the bonnet of a modern car is lifted (which is pretty much the same thing nowadays).

      They are highly specialised, this does not equate to smart. For example, New Zealander Nigel Richards is the current (I think) French Scrabble champion, he does not speak French (see http://www.theguardian.com/lifeandstyle/2015/jul/21/new-french-scrabble-champion-nigel-richards-doesnt-speak-french ) but he does have a very good memory and really knows how to play scrabble. Many of the med students I knew going through Uni reckoned that all you needed for medicine was the ability to memorise a telephone directory :-)

    3. mstreet

      Re: Medico's expertise

      "The surgeon is ipso facto likely to be the smartest person around..."

      I've spent many years in IT consulting, primarily servicing legal and financial offices.

      I can assure you, without a doubt, that there is absolutely no correlation between intelligence, common sense, or technical know-how.

      Perhaps it's different in the medical industry, but in my experience, outside of their areas of expertise, lawyers and money managers are among the most clueless people on earth. I usually have an easier time explaining things to their receptionists.

    4. Vic

      Re: Medico's expertise

      The surgeon is ipso facto likely to be the smartest person around and therefore probably the one who knows most about computers.

      That most certainly doesn't mesh with my experience.

      The surgeon is likely to be the one who believes he knows most about computers, reality notwithstanding...

      Vic.

  7. Paul Crawford Silver badge

    Light reliefe...

    Of course in a similar vein:

    https://xkcd.com/463/

  8. Anonymous Coward
    Anonymous Coward

    Been there, seen that

    Been there, seen that, and am not confident in the remedy proposed.

    Me and a colleague not that long ago worked on some time critical (but not directly safety critical) data acquisition software which the IT department insisted had to run on a Window box with corporate AV (no configuration options available).

    The data came in via (high speed) serial links, and some of the incoming data contained its own embedded timestamps which were trustworthy.

    There was no guarantee that the incoming data would *always* contain such a timestamp, so the logging program also had to add its own timestamp as the data arrived. Plus the incoming timestamps were relative (x ms since time 0), rather than absolute (2016.05.04:03:02:01.00), whereas later analysis would need the *absolute* time corresponding with the data.

    Four channels worth of data arriving at around 500kb/s total was stored in a temporary file per channel.

    Analysis of the behaviour of the system when it was and wasn't running an AV scan showed that although data wasn't generally subject to much delay when the AV wasn't running, when the AV was running, there could be several minutes worth of delay between serial data arriving in the box and serial data arriving in the application, presumably because of the system wide workload causing incoming data (which was supposedly handled in a high priority thread) to queue up massively before being read by the application and written to disk. Occasionally some data would get lost altogether.

    In summary: the problem wasn't the AV handling of the individual files in question, it was the AV impact on the total system workload.

    1. Andrew Commons

      Re: Been there, seen that

      I imagine patching and rebooting would also have been problematic as well.

      The issue here isn't the AV software as such, it is the blind adherence to its use in an incompatible environment.

      There are other ways to mitigate the risks, such as isolation and tight network controls, so it's all solvable.

      1. DropBear

        Re: Been there, seen that

        "There are other ways to mitigate the risks, such as isolation and tight network controls, so it's all solvable."

        Well yes, but that would assume that there is at least one person in that entire hospital who has any clue about what he's supposed to be doing. A ludicrous assumption if I ever saw one...

  9. P. Lee

    Why?

    Forget the idea of whether it should have been installed or not, or if it was scanning too much, why would an AV scanner bring its host system to its knees? Forget the idea that a clueful techie might be available.

    Surely the AV software designer would make it run as a low priority process?

    1. Andrew Commons

      Re: Why?

      A low priority process can bring a system to its knees by getting a lock on a resource that is required by other processes and not letting go of it because it's low priority and not given much processor time.

      While there are ways to reduce the impact making it go away completely is non-trivial, as is this problem.

    2. John Sager

      Re: Why?

      Probably not. AV has to get in very early to check when USB sticks are inserted, or incoming data gets stored. So it'll be a high priority thread. Obviously a background file scan could be lower priority, but the AV may well be arrogant enough not to bother.

  10. Anonymous Coward
    Anonymous Coward

    Three little letters

    NFR - Non-functional Requirements.

    Use a Business Analyst, FFS.

  11. Anonymous Coward
    Anonymous Coward

    Three little letters

    NFR - non-functional requirements.

    Use a Business Analyst FFS.

  12. Anonymous Coward
    Mushroom

    Blame the antivirus reseller?

    Blame the antivirus reseller, really. The real issue here is why in the twenty first century, a 'computer' still needs AV and what this unnameable computer operating system is even doing in an Operating Theatre.

    there was a delay of about 5 minutes while the patient was sedated so that the application could be rebooted

    Jesus tap.dancing Christ on roller skates !!!

  13. Anonymous Coward
    Anonymous Coward

    What does the risk managmenet file say?

    The key thing about any medical device is the intended use and based on that the risk analysis and management.

    In the risk management file what was identified as the consequences for a software failure?

    Was it assumed that the procedure could continue successfully without the device operating or with the device providing incorrect information?

    I suspect that a failure of the software was not identified as possible to cause a serious injury because if it had then the choice of windows as an OS and an architecture where a single failure could cause a system failure would not be appropriate. In europe this is probably a class IIb device because it monitors vital phsyiological process which means that the design would be checked by an independant body before it could be CE marked.

    The only potential concern to me is if the actual usage in this incident suggest that the product risk analysis was not correct. If the consequences of this failure were in line with the risk analysis then there is nothing of any concern here.

  14. Anonymous Coward
    Anonymous Coward

    Why people keep using Windows for tasks like this i just don't know . Something like this would be a great use for an iPad. Don't need the AV , and it has a battery built in that will last hours if there was a power cut.

    Windows has its place, but this is not one of them.

  15. allthecoolshortnamesweretaken

    Re: smart surgeons

    Bit off topic, but this reminded mo of a joke my GP told me the other day (it's about orthopaedists really, but what the hell):

    A good orthopaedist, a bad orthopaedist, a surgeon and radiologist are stood at the starting line of a 100 m track. At the finish line lies a bag with 50,000 EUR in cash. They are told that in order to get the cash, they will have to compete in a 100 m sprint. Whoever wins, gets the cash.

    Who will get the cash? The bad orthopaedist, obviously. Why?

    The radiologist wouldn't run a hundred meters and bend down to pick up a mere 50k.

    The surgeon won't understand what he's supposed to do.

    And there are no good orthopaedists.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like