Untimely Virus Scan Interrupts Patient Procedure
By Christine Kern, contributing writer
The dark side of computerized medicine.
By Christine Kern, contributing writer
In a February, an antivirus software scan interrupted a patient’s heart procedure causing a critical monitoring device screen to go black, forcing doctors to reboot the system before continuing. The five-minute delay placed the patient at risk of harm, according to an FDA alert.
The incident highlights the dark side of using computers and computer systems in critical care settings, including the potential risks to patients.
According to ars technica, the incident occurred because of misconfigured antivirus software and involved the brand name Merge Hemo, sold by Hartland, WI-based Merge Healthcare. The system includes a patient data module and a monitor PC connected via serial cable, and provides doctors with real-time diagnostic information from patients during a cardiac catheterization in which the doctor inserts a tube into a blood vessel to measure how well the patient’s heart is functioning.
According to the FDA alert, an unidentified healthcare provider “reported to Merge Healthcare that, in the middle of a heart catheterization procedure, the Hemo monitor PC lost communication with the Hemo client and the Hemo monitor went black.”
Information obtained from the customer indicated that there was a delay of about five minutes while the patient was sedated so that the application could be rebooted. It was found that anti-malware software was performing hourly scans. With Merge Hemo not presenting physiological data during treatment, there is a potential for a delay in care that results in harm to the patient. However, it was reported that the procedure was completed successfully once the application was rebooted.”
Investigation revealed “customer error” was responsible for the incident, claiming the hospital had not properly installed the device. The alert stated product security recommendations explicitly state “the intent of these guidelines is to configure the anti-virus software so that it does not affect clinical performance and uptime will still being effective. To accomplish this, the anti-virus software needs to be configured to scan only the potentially vulnerable files on the system, while skipping the medical images and patient data files.”
Another challenge for medical technology is that many healthcare organizations are running old or outdated programs and medical devices with preinstalled antivirus software, according to ars technica. Federal certifications prohibit customers from changing or modifying the software, creating obstacles and potential for malfunctions.