Malware scan stalled misconfigured med software, mid-procedure
RTFM. No, really, read it
A user or reseller who couldn't be bothered configuring their antivirus properly has hit the headlines for interrupting doctors trying to insert a vascular catheter into a patient.
As the FDA's Adverse Event Report says, an hourly malware scan stalled a Merge Healthcare Hemo unit, which collects patient vital signs, displays them, and inserts the data into an electronic patient record. It uses a patient module to collect data sent back to a PC or tablet over a serial link.
The incident took place in February this year.
From the FDA report: “in the middle of a heart catheterization procedure, the Hemo monitor PC lost communication with the Hemo client and the Hemo monitor went black. Information obtained from the customer indicated that there was a delay of about 5 minutes while the patient was sedated so that the application could be rebooted”.
The advisory goes on to note that in other circumstances, such a delay could be dangerous for a patient, but in this case the procedure was completed successfully.
Merge Healthcare's advice, quoted by the FDA, is that “the anti-virus software needs to be configured to scan only the potentially vulnerable files on the system, while skipping the medical images and patient data files”.
Since the average medico's expertise probably doesn't include antivirus installation and configuration, either a hospital's IT department or a reseller should be hanging their heads in shame at the blunder. ®
- AdBlock Plus
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Microsoft 365
- Microsoft Office
- Microsoft Teams
- Palo Alto Networks
- Software License
- Trusted Platform Module
- Visual Studio
- Visual Studio Code
- Web Browser
- Zero trust