Hospital Medical Devices Increasingly Riddled With Computer Viruses

Technology Review on the looming hazard of malware causing deadly misfunction in the era of digitalized medical care:

Computerized hospital equipment is increasingly vulnerable to malware infections, according to participants in a recent government panel. These infections can clog patient-monitoring equipment and other software systems, at times rendering the devices temporarily inoperable.

Olson told the panel that infections have stricken many kinds of equipment, raising fears that someday a patient could be harmed. “We also worry about situations where blood gas analyzers, compounders, radiology equipment, nuclear-medical delivery systems, could become compromised to where they can’t be used, or they become compromised to the point where their values are adjusted without the software knowing,” he said. He explained that when a machine becomes clogged with malware, it could in theory “miss a couple of readings off of a sensor [and] erroneously report a value, which now can cause harm.”

, , , ,

  • http://twitter.com/jasonpaulhayes jasonpaulhayes

    The last time I was at a hospital getting some blood work I looked at the terminal and saw several Stock Trading programs installed and running on it. I had already called the patient services dept to complain that all the Dr did was compare scars with me rather than providing me with healthcare but decided to go ahead and tell them I also didn’t think that was a legal or appropriate use of hospital resources to run Stock Trading apps on their terminals.

    • Calypso_1

      Perhaps the Doc has found a new trading algorithm based upon weak-pulse EM emissions from RBCs.

      • Simon Valentine

        so two NP-hard organisms meet in a park and do some stuff. did they P?

        http://mondovista.com/dnax.html

        • Calypso_1

          damn MF’r my maths is not that good ; )

          • Simon Valentine

            we do well when we do not anthropomorphize communication and instead laminate the confluence of patterns – we can solve and are ourselves solutions to P = NP, less an ideology that “not one pair of each and every pair of events happens at the same time”.

  • http://twitter.com/jasonpaulhayes jasonpaulhayes

    The last time I was at a hospital getting some blood work I looked at the terminal and saw several Stock Trading programs installed and running on it. I had already called the patient services dept to complain that all the Dr did was compare scars with me rather than providing me with healthcare but decided to go ahead and tell them I also didn’t think that was a legal or appropriate use of hospital resources to run Stock Trading apps on their terminals.

  • BrianApocalypse

    Those hospitals be so dirty even the computers be gettin’ infected!

  • alizardx

    As I recall. the user licence for Windows states that it isn’t supposed to be used for life-critical applications without written permission from Micro$oft. I wonder if there is *any* Windows-based medical equipment or medical software with that written permission. Whether one likes Windows or not, that should be considered fair warning. I see patient or class action litigation coming out of this situation Real Soon Now.

    What would I use? Probably a locked down copy of Linux with unnecessary functionality and updates disabled. Might go as far as making the OS/software boot from read-only device.

    • BuzzCoastin

      if they are using an operating system for an aplication
      (instead of machine language instructions)

      the big boys all use proprietary operating systems
      the little guys use MS or Apple as an OS
      but code their own applications
      I don’t see how MS could be found liable
      but class action suits are as American as apple pie

      • alizardx

        Who said anything about suing M$? That license clause is a reasonable defense.

        Was talking about vendors and hospitals. BTW, lots of infrastructure elements run on Windows… SCADA control environments, for instance that show up in nuclear power plants, industrial plants, electrical grids… ask the Iranians about how good an idea (Stuxnet) this is.

  • BuzzCoastin

    you don’t need malware to have a problem
    back in the day a machine called the THERAC-25
    had software malfunctions that killed 3 and maimed 3
    it wasn’t until 19 months after the first malfunction and the 3rd death
    that the FDA stepped in

    reading Death by Medicine isn’t a bad idea
    for those seeking care from Big Healthcare

21