Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Security

Fed-Up Hospitals Defy Windows Patching Rules 705

Posted by simoniker
from the er dept.
bingbong writes "According to Network World: 'Amid growing worries that Windows-based medical systems will endanger patients if Microsoft-issued security patches are not applied, hospitals are rebelling against restrictions from device manufacturers that have delayed or prevented such updates. Device makers such as GE Medical Systems, Philips Medical Systems and Agfa say it typically takes months to test Microsoft patches because they could break the medical systems to which they're applied. In some instances, vendors won't authorize patch updates at all.' This is the typical patch vs. crash problem. Unfortunately, the stakes here could be human lives."
This discussion has been archived. No new comments can be posted.

Fed-Up Hospitals Defy Windows Patching Rules

Comments Filter:
  • by Anonymous Coward on Monday August 09, 2004 @01:54PM (#9922368)
    Why is hospital equipment running windows? Anyone that knows anything about embedded systems with high quality requirements know that you stay away from large OSes. Even Linux is avoided unless you need tcp/ip and if you don't then its better to have a small maybe even off the shelf OS. The Key is to limit the testing requirements and limit changes, which are goofy to test a life support system just to have the latest and greatest IE 6 or 7 that you shouldn't even, have hooked to a wide-open Internet anyway.
    • by dekemoose (699264) on Monday August 09, 2004 @02:03PM (#9922475)
      They are running Windows for the same reason that they are connected to a network, some pinhead PHB somewhere is trying to save a buck. It's probably cheaper for them to develop on a Windows platform rather then on a proper embedded paltform. Just like its cheaper for them to put these devices on a shared network, rather than having them properly firewalled off onto their own secured environment. Follow the $$$.
      • Part of the problem is that the vendors chose Windows as a development platform.

        I'm a rabid Linux user, but if I were designing equipment that held human lives in its anthropomorphic hands, I'd build it as an entirely atomic OS built from Linux or a BSD variant. And communications would be data-only, over a serial port. No network.

        In high school, a nurse from St Mary's (here in Grand Rapids, MI) was showing us screenshots of their radiation therapy machine. I recognized CDE...she didn't know what version of UNIX it ran, though.

        • by Omega1045 (584264) on Monday August 09, 2004 @02:57PM (#9923055)
          Part of the problem is that the vendors chose Windows as a development platform.

          Uh, no. Do you work in the health care industry? I do as a software developer for a vendor. Don't throw the blame on us. We actually changed to Windows off of other systems because hospitals started putting PCs with Windows into their various departments. The backend for the software I work on actually runs in Unix, and we have hospitals that are thinking of going to NT only, which means we have to try to port our code to it or loose that customer.

          • Part of the problem is that the vendors chose Windows as a development platform.

            um, no. ALL of the blame rests on the software developer. If you all weren't so goddamn lazy and quick to grab dollars at the expense of careful design and reliable architecture, you wouldn't be using windows at all.

            The backend for the software I work on actually runs in Unix, and we have hospitals that are thinking of going to NT only [...]

            When you get back to 1997, would you call me and tell me to invest in eBay
            • by Anonymous Coward on Monday August 09, 2004 @07:30PM (#9925446)
              They are not usually using Windows for embedded systems. They are using Windows on workstations.

              I am a clinical doctor who programs in a couple of dozen languages and environments and follow the advancement in software solutions closely. I have been involved with clinical informatics only recently for the past couple of years though. Allow me to explain you some of the realities of the current health industry software. I admit I haven't sat down and structured the text well but I tried to put in as many issues as I could think of the moment.

              The doctors want Windows or Macs. They want a familiar set up compared to what they use at home. It is very difficult to get doctors learn a completely different paradigm. There have been documented cases where nearly all the doctors in certain institutions rose up in arms because the developers thought they knew better and tried to force a solution onto them.

              Most of the current set ups are almost always heterogeneous. We buy software from multiple vendors and bridge them together. This is because there are no completely integrated solutions as yet. GE and a few others are trying to close this gap but it is a VERY difficult one. Hospital information needs are not standard as your usual business information needs. The data processing here is often very simple but the volume and complexity of the data is overwhelming. It is not simple as Customers and Invoices. Clinical Medicine deals a lot with relatively abstract data with complex relationships. Most doctors know these relationships intuitively but there isn't enough published literature for a software developer to draw from. Clinical software is extremely expensive to build since the requirements are hard to establish. A lot of iterations are needed to fit the software to a given practice (This never gets completed usually and people settle for close enough).

              Doctors themselves understand their needs best. A few doctors, while they don't hold CS degrees, practice design patterns or do EJB, do quite well to put together MS Access databases to solve their problems where professional software developers have not yet tread. Many times, they distribute these to their colleagues freely (Open Source if you will). Few even sell them. They may not be the best designed tools but they work. Mac's FileMaker and Linux's Total Rekall? don't exactly come close. Windows tools also have a larger number of books available to learn from.

              Platform and tool costs are trivial, developer costs are not. A study in Human Computer Interactions is very essential here. Rich user interfaces are always preferred. Non-windows platforms don't have sufficiently advanced RAD tools. I really wanted Kylix to succeed. But I don't see any momentum behind it anymore. Veteran's Affairs Hospitals have built a remarkably physician friendly system. They are rightly proud of their constantly iterative development. They used Delphi but now that the system is stable (for user experience stand point) they are looking for other platforms. They looked at .NET. I heard they were trying Java now. Personally I am not sure it is the right choice for the client but we shall see.

              The loss of work hours because the software does not fit the workflow at a given hospital is far far greater than losses due to worms and viruses.

              The software should be as intuitive to use as possible. Should not require reading manuals. Hospitals always look whether the given software will slow the physician down in any way because physician time is very expensive and they rather have them seeing patients and generating revenue.

              There is a case for cross-platform tools at the moment too. It is a case of mobility. Most doctors like to be able to review a patient's case online and advice on the phone when necessary. Many vendors provide web pages and applets for this but they often end up very unergonomic. But since the need is often information retrieval rather than data entry, they are accepted in the absence of the better alt
              • There is a case for cross-platform tools at the moment too. It is a case of mobility. Most doctors like to be able to review a patient's case online and advice on the phone when necessary. Many vendors provide web pages and applets for this but they often end up very unergonomic. But since the need is often information retrieval rather than data entry, they are accepted in the absence of the better alternative. XAML, XUL and J# browser controls may improve the situation..

                Personally, I don't think the issue
          • You even get this in embedded systems, where the vendor is supplying the entire system and the customer's never going to interact with the OS directly, and still the customer demands this or that particular OS. And these days that's generally Windows. It's nuts. It's like demanding you use a bubble sort instead of a shell sort. Five years ago you had customers telling you that they're glad you're not using this newfangled Windows stuff, now they're pushing Windows on you...
        • by FFFish (7567) on Monday August 09, 2004 @03:00PM (#9923088) Homepage
          Don't be silly. The system should be based on an OS that is proven hard-core stable and real-time, like QNX, Microware OS-9/9k, etc.

          There are a ton of good OSes out there for specialty applications and, surprise!, most of them don't involve Linux! Linux is not the be-all and end-all of OSes.

          For human-life-critical applications, you should be using something that is demonstrably proven.
          • Agreed. From what I've seen, health diagnostic systems typically run QNX.

            This whole thing reminds me of when I worked for a small engineering firm that was developing a new device for the blood product industry. They wanted to migrate away from the tried and trust analog systems to digit. The CPUs available at the time were 8080A, 6800 and COPS. They decided to hire two "experts" and use the COPS devices.

            The "experts" developed a system that met the decided functionality. But, regardless of what they
        • This happened to me in a hospital:

          I was admitted for severe breathing difficulties and chest pain. This put me on the heart attack route. Turned out to be a rare form of asthma. While I set in a bed on oxygen, I looked up to watch my heart monitor flat-line. The crash cart crew runs in with all the resucitation equipment and my heart monitor starts beating again. They give me weird looks and examine me up an down to see that I'm doing great on the oxygen. This happens a second time. About 10 minutes later the hospital IS staff show up and examine it, and he says, "Aha, yours is set on the network to show the guy next door."

          He leaves and I hear the crash cart go whizzing by my door.

          Networked critical care systems are a bad idea--except to report a central monitoring station. Windows is an even worse idea. Why this kind of crap is tolerated is beyond me.

          Shawn
          • Because the alternative is alot worse, that's why.

            Imagine you are a small hospital, one with a 10 bed ICU. You have 10 patients. Can you afford to have someone near enough to each heart monitor to hear when it has an irregular heartbeart? Can you even detect a slightly altered heart-rate just by a casual listen/look every now and then? What about all the other funny intrumentation? Of course not. It would take one RN/CNA/Med. Tech per ICU patient per shift. In 3 shifts that's 30 full-time employees for a 10-bed ICU just to make sure nothing bad is happening on the monitor. That's a big staff. All the sudden you are spending $2M a year on just nurses/assistants for your 10-bed ICU. At best you can recoup $500k of that, maybe $1M if you have a really good ratio of paying/insured/uninsured/unpaying patients.

            Imagine you are not a 10-bed ICU, but rather, a 750-bed ICU. Do the math.

            Whats worses is that in your case it wasn't even likely a networking related problem, so much as it was likely that a the inputs from one machine were improperly patched through to a display and monitoring unit. (I've seen the same mistake before.. when you have a patch panel it's an easy mistake to wire jack 3 to jack 5 and vice versa).

            It's not acceptable, but in reality, it's a cost of progress. The alternative to network'd equipment like this is worse care. Systems must be designed to be resliant, and some manufactuerer's are doing a bad job. But, by and large, medical technology is amoung the most robust in the entire computer industry. I've seen machines that run 24-hrs a day for years on end. Machines with duty cycles in the thousands of hours.
            Networked care systems are coming, and many are here and work very well. Many many many more lives have been saved than damaged or lost by this type of technology. We need better systems, better platforms, etc - but throwing out the whole thing is absurd at this point in time.
    • by Stargoat (658863) <stargoat@gmail.com> on Monday August 09, 2004 @02:04PM (#9922494) Journal
      Hospitals have to be able to afford the staff to work on the PCs just like other businesses.

      I heard of a hospital that bought some Systemax PCs (I'm still nursing the same model). These POS PCs had a tendancy to have a network failure every few weeks that required unplugging the power cable and the network cable to bring the PC back onto the network.

      After this was realized, the hospital went nuts, and demanded (and got) new PCs. But this is the kind of crap hospitals, just like everyone else, have to put up with.

    • I find it hard to believe they are talking about life support machinery. No specific piece of equipment is ever mentioned, just the generic "medical devices." I'm thinking they are speaking more of hospital informatics systems, like Stentor [stentor.com] and EpicCare [epicsystems.com]. When a doctor can't read a patient's medical chart because the workstation is PWNED, or can't send an X-ray up to surgery because the router's been hijacked, that is definitely a problem; but it is somewhat less of a problem than your ventilator quiting because of a BSOD.

      Sounds like a tech-challenged reporter reporting wide-eyed about crashing "medical devices" which she doesn't really understand.

    • on life-safety equipment, why in hell is ANY outside operating system in use??? you CAN control bugs in your own code if it is YOUR OWN code. get back to machine language FSMs for the specific purpose on a piece of hardware like a monitor. it is irresponsible in the extreme to rely on somebody else's box 'o' bugs as part of your life-safety system. period. anything in that realm that needs wide access should have an outboard trusted "my code only, dammit" interface that the wild wild web plugs into.

      bas
    • by dogas (312359) on Monday August 09, 2004 @02:51PM (#9923015) Homepage
      I develop an enterprise-level hospital app at a large corporation for a living, and I had the same questions when I started.

      Hospital hardware surely does run embedded systems. However, most parts of the hospital are probably kiosks running a web-based app that controls bed management, scheduling, the financial parts, etc.

      They are running windows for the same reason they are using IBM Websphere for the app server instead of Apache Tomcat: liability. What happens when a patient dies because of a server crash? Who do you blame? Oh, we'll blame Microsoft or IBM for our own bugs. You don't have that luxury if you're using Tomcat and Linux. Yes, it's dirty, sleazy and nasty, but I have no control over it.
      • Who do you blame?

        Oh, boy, are you in for a suprise! Have you ever read a EULA? Microsoft and IBM would probably piss their pants laughing if you try to pin a liability suit on them.

        You are trying to make a case that commercial software is more "credible" than OSS software, but you are leaving out the fact that you and your peers are the ones making the liable choices, not any of your vendors. So, a server crashes due to a Windows QA problem? Tough, you chose Windows. The same goes for OSS or any sof
        • Oh, boy, are you in for a suprise! Have you ever read a EULA? Microsoft and IBM would probably piss their pants laughing if you try to pin a liability suit on them.

          If the case went to court, yes. But there is a lot more to it than that. The hospital wouldn't win in court, but the vendor would get annihilated in the marketplace by a saavy customer.

          When your using free software, and you threaten to not only not buy any more, but tell your friends not to either, it doesn't really make your problem better

  • by Anonymous Coward on Monday August 09, 2004 @01:54PM (#9922371)
    Why are they even accessible on the internet? Seems like these should be in a secure private network unlikely to be attacked.
    • by blueZhift (652272) on Monday August 09, 2004 @02:09PM (#9922557) Homepage Journal
      Let me tell you, stuff gets inside hospital networks like nobody's business! The problem is that while the outer firewall is secure, there are all sorts of ways for things to get in via individual workstations. This is especially true since many hospitals, like mine, have standardized on IE. I was literally in the process of patching a Windows 2K based acquisition PC when it got hit with Sasser! Lucky for me the patch just barely beat the infection, so I didn't have to rebuild the machine.

      Because the inside of the hospital network is so insecure, I've actually set up my own firewall around my test and development machines. One solution would be to totally cut off the hospital from the internet, but that wouldn't be very practical and would piss off a lot of doctors to boot!
      • One solution would be to totally cut off the hospital from the internet, but that wouldn't be very practical and would piss off a lot of doctors to boot!

        Seems to be the only solution that makes sense though. Fuck the doctors, they can surf pr0n at home! Seriously, why does the whole hospital network need to be left attached to the public Internet? Have a few stand-alone surf-stations available in the building so they can go look up stuff they need to. Though really, if my doctor *has* to go check somethin
        • by nojomofo (123944) on Monday August 09, 2004 @02:54PM (#9923039) Homepage

          Uhhh.... Do you think that all doctors know absolutely everything about the human body? Don't you think that they need references, too? And don't you think that maybe, just maybe, it's much easier to have up-to-date online references than book references? Why do you assume that the only thing that hospitals need internet for is surfing? You might as well stay home - your doctor looks up information online.

          Maybe they also have billing systems that interact directly with insurance providers so that people don't have to use typewriters and carbon copies anymore. Jesus, there's more to the internet than porn and email. Deal with it.

          • You might as well stay home - your doctor looks up information online.

            Looking stuff up online is a fairly recent practice. Has it saved lives, or encouraged a lazy attitude towards diagnosis? I guess time will tell. Before that, they got by, and at the same time didn't have to worry about the issues raised by this article. Just because something has a big "PROGRESS" label on it, doesn't mean it's a good thing for anyone.
        • Though really, if my doctor *has* to go check something on the internet before he can figure out what to do with me, I'll just stay home, thanks.

          You want a doctor that never reads medical journals, consults with colleagues, participates in research studies,...?

          All that stuff is likely to be an integral part of any good doctor's daily job (including doing research to help diagnose you; you don't really want a doctor who make every single diagnosis based on memory alone).

          --b.

    • by AKAImBatman (238306) <akaimbatman AT gmail DOT com> on Monday August 09, 2004 @02:18PM (#9922656) Homepage Journal
      Why are they even accessible on the internet? Seems like these should be in a secure private network unlikely to be attacked.

      Who said they're on the internet? Consider the following scenario:

      The Hospital PCs are connected to a primary server that backs up all data and managed the PCs.

      The Primary Server has a leased line or occasional dial-up to transfer data to a state-wide backup and update site.

      The backup and update site has firewalled internet access for a VPN to GE, and troubleshooting purposes.

      GE communicates with customers via internet email. One clerk in a backroom opens an attachment with an RPC worm. Within a half-hour the entire chain is compromised.

      Any question on why having a monosystem Windows network is a bad thing? Even ONE Unix server in there would help break the chain.
    • Speaking from first hand experience here. The good IT folks setup all the machines concerned with patient care and treatment planning (radiation oncology & diagnostics in this example) on a seperate network from the general building LAN. This seperate network is secure, has no gateway defined and can't talk to the outside world except via a linux box that serves as a go between (for file transfers of various types)and is physically disconnected from the secure network when it's not needed. This works fi
  • so? (Score:5, Funny)

    by Anonymous Coward on Monday August 09, 2004 @01:55PM (#9922377)
    pshaw! what's a few human lives when network security is at stake?
  • FDA? (Score:5, Insightful)

    by gtrubetskoy (734033) * on Monday August 09, 2004 @01:55PM (#9922381)
    ...when the FDA eight years ago began allowing off-the-shelf software in medical devices, it didn't foresee the kinds of security issues, such as computer worms, that plague networks.

    OK.... We now have the Food and Drug Administration in charge of computer security?

    • Remember Therac-25 (Score:5, Informative)

      by xmas2003 (739875) on Monday August 09, 2004 @02:07PM (#9922535) Homepage
      One of the first (and most tragic) cases of software screwups in medical equipment was the Therac-25 medical linear accelerator used to treat cancer here is one of many writeups on it [computingcases.org] but in summary, it took a couple of years and caused several deaths before it was pulled from the market ... and software is much more complex these days, plus there are tons of interactions.

      I.e. while one can build a simple manometer [komar.org] the reality is that blood pressure devices used today probably have all sorts of interdependancies that can cause a ripple effect, so one should be pretty darn careful before just applying patches licky-split ... in a work discussion earlier today, we talked about how one of the recent Microsoft security patches broke one of our applications.

  • by ameoba (173803) on Monday August 09, 2004 @01:56PM (#9922386)
    Why are these things on any sort of publicly accessable network? They should, at least, be on a private network that's physically separate from everything they don't absolutely need to talk to & firewalled all to hell.
    • Why are these things on any sort of publicly accessable network? They should, at least, be on a private network that's physically separate from everything they don't absolutely need to talk to & firewalled all to hell.

      You are assuming that the devices are in static locations. Many of the devices are portable. Doctors drag them into their office and plug them into the network. It is the same network that they plug their personal laptop into. It is the same laptop that they take home and surf the ne
  • Why in the hell... (Score:5, Interesting)

    by daveschroeder (516195) * on Monday August 09, 2004 @01:56PM (#9922389)
    ...do they not just put these devices and systems behind something as simple as a $50 hardware NAT firewall, especially for a device that costs hundreds of thousands - or millions - of dollars? (Or better yet, why does the vendor not integrate such protection if they're relying on network-connected Windows systems for device control/interaction?)

    The norm is that these devices may need to connect *out* to something else, but don't necessarily need any inbound connections, so a hardware firewall, or even a host-based software firewall, would work perfectly in most instances; those that do need externally initiated inbound communication can *still* set up the necessary rules to allow such communication to take place. And yes, it is just this simple. (I did RTFA, and noted that some vendors actually recommend this, but that, startlingly, "there have been several instances in which viruses originated from medical instruments straight from the vendors"!)
    • by pclminion (145572) on Monday August 09, 2004 @02:00PM (#9922441)
      put these devices and systems behind something as simple as a $50 hardware NAT firewall, especially for a device that costs hundreds of thousands - or millions - of dollars?

      How is a firewall going to stop an insider from exploiting the network? Does working in a hospital magically transform a person into a paragon of morality?

      • by Auckerman (223266)
        Two lines coming out of the main router. Line one goes straight to a NAT which is then on a seperate physical network. Line two another NAT, which is also on it's on physical network. Hell, have a NAT on every floor if they need to, peoples lives are at stake, they can set up as many seperate networks as needed to make sure a device will never be cracked. Regardless of OS on the device, this is basic network set up.
    • by cammoblammo (774120) <cammoblammo&gmail,com> on Monday August 09, 2004 @02:02PM (#9922465)
      "there have been several instances in which viruses originated from medical instruments straight from the vendors"!

      Viruses from medical equipment? Haven't they heard of autoclaving? Sounds like a negligence lawsuit waiting to happen...

    • by Ryan Stortz (598060) <ryan0rz@@@gmail...com> on Monday August 09, 2004 @02:09PM (#9922561)
      No, most machines (from GE atleast) listen for incoming SSH sessions. This is so it's main tech guys can connect (from Wisconsin) and fix the problem. It saves the Hospitals money, they don't have to call in a field service guy for $150+ an hour. The tech guys can even find a faulty board, order it, have it shipped to the hospital, and have a guy swing by the next day and replace it without alot of wait.
  • "Embeded Linux"

    I would much rather have my life staked on a Linux based embeded system than the current crop of MS systems mentioned above.

    The real trick is pushing the vendors of the deviceds to move to an open(read: solid) OS platform.
  • Network (Score:5, Interesting)

    by Klar (522420) * <curchin@gmCURIEail.com minus physicist> on Monday August 09, 2004 @01:57PM (#9922398) Homepage Journal
    I work for a hospital,and I have to say that our network may be 'stable' but it really sucks. We run Windows2000 Pro with many problems, and frequent crashing. If one of our secondary databases crashes, as they seem to do often, we have to wait a day or two until we can get a reboot of the system because the main database runs on the same server. Productivity really goes down the tubes sometimes to allow for the 'stable' network.
  • by bs_testability (784693) on Monday August 09, 2004 @01:59PM (#9922428)
    Medical machines responsible for human life should never need to be patched. The software was tested at one point and should be controlled to stay at that test point until it is to be retested. For machines running windows this means they should be segregated from other parts of yoru network and should be airgap firewalled from the rest of the world. Intenet worms and email trojans shouldn't be relevant.
    • Then how do you make images taken from a device available to the doctor in another building?

      You need networking to be efficient. The problem is, it seems the medical manufacturers and Hospitals skimped on building a systematic network security infrastructure around these critical devices.

  • I'm not a big fan of Microsoft, but I don't think the quality (or lack thereof) of their products is the issue here. I've read from their EULAs that their products are not suited towards critical applications (ie nuke facilities, life support). My point is that although a EULA is not a legally-binding contact, the fact that MS is stating in public Windows shouldn't be used in critical applications should tell you something. The bottom line is that if GE, Philips or Agfa build a medical system, they should be responsible for that product from the software up to the hardware. The fact that *they don't have control* over one of the components in their products (the underlying OS) is negligent, IMO.

    I would get laughed out of court if I tried to blame a critical problem with a report I wrote on my secretary, and the same should happen with these companies if somebody's loved one dies from their irresponsibility.
    • I'm not a big fan of Microsoft, but I don't think the quality (or lack thereof) of their products is the issue here. I've read from their EULAs that their products are not suited towards critical applications (ie nuke facilities, life support). My point is that although a EULA is not a legally-binding contact, the fact that MS is stating in public Windows shouldn't be used in critical applications should tell you something.

      Step 1: Issue EULA stating yoru products are not suitable for mission-critical app

    • Well, apparently Microsoft think they can [microsoft.com] do operating systems for medical applications. Personally, I can think of more suitable [qnx.com] operating systems for the task...
    • by gosand (234100) on Monday August 09, 2004 @03:22PM (#9923249)
      I'm not a big fan of Microsoft, but I don't think the quality (or lack thereof) of their products is the issue here. I've read from their EULAs that their products are not suited towards critical applications (ie nuke facilities, life support). My point is that although a EULA is not a legally-binding contact, the fact that MS is stating in public Windows shouldn't be used in critical applications should tell you something.

      But there are a lot of applications that are not themselves critical, but could play a part. I work for a company that does materials management software for hospitals. This stuff is tweaked for efficiency, and hospitals rely on it. It runs on Windows only. Doesn't sound quite like the importance of a pacemaker, right? Well let's say the hospital gets hit by a virus. Yes, it happens, even with firewalls. Now their materials system is fubar, and they are used to it having the right supplies on hand at the right times. If it is low on something, it reorders it automatically. Now they are screwed, and they don't have something that they really need. Someone could die.

      Hospitals have to operate on razor thin margins, and they can't stock millions upon millions of dollars of everything. They look to lower their on-hands inventory as much as possible.

      There is all kinds of software in the hospitals that can go horribly wrong, not just the obvious stuff.

  • by TommydCat (791543) on Monday August 09, 2004 @02:03PM (#9922477) Homepage
    Does the heart-lung machine have an internet addressable IP? Could it wind up as a spam zombie?

    Survery says... Beeep! Beeep! Beeep!

    What "security" or other risk with a turnkey standalone system? I'd rather risk the remote chance of someone breaking into my room to run CAT-5 to my vitals monitor rather than a BSOD (possible REAL death in this case) because Service Pack x broke some obscure function and failed to alarm the nurse when my heart stopped.

    Do the morons at the hospitals run Windows Update on the defibrillators?

    The manufacturers have tested and retested and regression tested everything that goes into those medical devices (or they say, anyway), so why deviate from a known good combination without a compelling reason?

  • GE Medical Systems (Score:5, Informative)

    by Ryan Stortz (598060) <ryan0rz@@@gmail...com> on Monday August 09, 2004 @02:03PM (#9922482)
    My father works for GEMS as a Field Service Engineer; he repairs and installs X-Ray Machines, CAT Scanners, and Mamography machines. As far as I know, GEMS doesn't run Windows on any of it's boxes (other than Engineer Laptops). Most of their older systems are UltraSPARC/SunOS boxes. The newer ones are Intel Xeon/Red Hat rigs with their own custom window manager. Heh, he's even called me in a few times to help him with some Linux problems.

    It makes sense to me, GEMS and the Hospitals aren't going to risk $500,000 to $2,000,000 machines because of Microsoft's poor track record. Not to mention, a bug in the software can bring down the system for hours, until someone can come in and fix the problem. My Dad has problems all the time with doctors breathing down his neck. Most the time they have a full schedule, and when a x-ray tube blows it can take up to 4 or 5 hours to replace. Not including shipping from Wisconsin or France.
    • by djh101010 (656795) * on Monday August 09, 2004 @02:16PM (#9922641) Homepage Journal
      Sorry, Ryan, but you're not correct. I worked for GEMS for 12 years, in software engineering. There _are_ Windows systems embedded into some of these scanners. Most of them do trivial things and are being phased out in favor of *nix systems, but there _are_ Windows-based medical devices.

      It's quite a quandry. If you don't patch the 'doze boxes, (and if you don't have a firewall...) it's possible that someone could infect that system. The problem is, GE (and obviously the other device manufacturers) test the hell out of that specific OS build and patch set. When Windows Update breaks things (which happens more than never), the system is now in a state which GE didn't test, and may in fact break the functionality of the scanner. At this point, the FE has no choice but to re-load the PC from the GE-supplied media(which doesn't have the latest patch that the hospital just installed).

      The solution? It's pretty simple, stop using Windows in critical situations. I was trying to make that point 10 through 5 years ago there, and was involved in some of the very first Linux tests, prototypes, and production implementations there. The current generation of scanners is mostly linux/intel based, although there is still a lot of SGI/Irix at the top-end where heavy image processing is done. The fix for this problem, is to avoid this problem, and that's really the only sensible approach.

      So, yes, they do have 'doze systems embedded in some of these scanners, but it's getting better. The hospital gets to choose between complying with HIPPA and patching the systems, or installing an unsupported patch which might break the scanner. Not a good place to be in, but then again, people shouldn't be reading their email or surfing the web from the MRI scanner's console, and the hospital _should_ have a firewall blocking the slammer/whichever ports.
  • by syrinje (781614) on Monday August 09, 2004 @02:03PM (#9922486)
    Dont most medical systems (CAT scanners, heart-lung machines, dialisys units, monitoring units etc) have purpose built firmware and software? When did they start to put M$ OSes or code into machinery that directly affects/controls/reports what goes into a patients body or comes out of it?

    Of course administrative computers used for record-keeping do run M$ mostly (somebody should point out to the HMO's how much money they'd save with Linux! They'd be onto it in a shot). But the "patients lives on the line" threat there is not as great as the having faulty code controlling a laser in a brain surgeons hands.

    I suppose that M$ must be developing a real RTOS for use in medical machinery. They would have managed to get in some OS variant into some non-critical systems. And they will probably penetrate the critical medical systems market at some point in time.

    That would be a bad time to visit a hospital.

  • by tstoneman (589372) on Monday August 09, 2004 @02:03PM (#9922489)
    I'm sorry, but no matter what OS these devices are on, WTF are they doing on a generally available network where they can be crashed and where security updates are necessary? They should be completely isolated!

    This is not so much a Windows problem as opposed to a lazy network admin's problem.

    Isolate those damn machines!!! Don't have network ports just opened everywhere! Come on, this is why network admins get paid the big bucks!
  • by gregarican (694358) on Monday August 09, 2004 @02:04PM (#9922504) Homepage
    The recent times I've been in hospitals I've checked to see what they're running. The two major hospitals near me don't appear to have the real "life and death" equipment running Windows. I'm talking about vital stat monitors and other surgical recovery equipment. I've seen certain medical records being accessed on Windows-based systems. Perhaps then there could be issues with lost information as to current prescription or observational data being lost or corrupted.

    But even then wouldn't such systems be running separate from the public Internet? If so, on top of that wouldn't they be secure enough so that executives with their laptops can't just plug in and hose things up? With even entry-level expertise IT staff should be able to separate these boxes onto some sort of a VLAN that would secure them by default. What are the IT folks' take on this who are working front line in the medical arena?
    • yes... (Score:5, Informative)

      by drmike0099 (625308) on Monday August 09, 2004 @02:26PM (#9922749)

      The article mentions one thing that needs to be emphasized, which is where the FDA guy states that they're not going back to the dark ages where systems don't talk to anything else. For years, every device was on its own proprietary network (if it was on a network at all), and talked to itself and absolutely nothing else. This was bad.

      In only the last couple of years (because medical IT is very behind the rest of the IT industry in a lot of ways) these devices have moved rapidly to using commodity protocols and network infrastructures, driven by hospitals' needs to do all of this more cheaply, and not have a lot of chaos.

      Also, they want to provide some value add on top of the monitoring systems. For instance, it's nice to be standing by the patient's bed and see the monitoring data. It's even better to be able to export that data to another system so that it's more useful, or display it on a website so MDs can see it. All of this requires networking capability, and Microsoft (like it or not) is considered a leader in the field for server software, and has a large division [microsoft.com] providing solutions to healthcare.

      Overall, the more advanced features you want a clinical system to provide, the more that system needs to integrate with other systems. Companies have given up reinventing the wheel on this every time, and are basing what they do on standard software and protocols. Microsoft is one of those. We try to avoid it whenever possible, however in most instances the decision for one product over another is based on clinical value, and not IT preference.

  • What devices? (Score:4, Interesting)

    by MobyDisk (75490) on Monday August 09, 2004 @02:06PM (#9922524) Homepage
    I was going to complain about how Windows is not appropriate for embedded devices, but then I reread the article for examples. They don't make one mention to any kind of "device." The only thing they mention is some system by Kodak for transferring images. I think the word "device" is there to scare the public into thinking that their heart monitors and chemotherapy machines are going to be infected. I doubt these devices have hard drives or TCP/IP connections to infect. More likely, they are talking about hospital computer systems. My experience in the Medical Informatics biz is that this sector is technologically further behind than any other section of IT.
  • Chicken Little (Score:3, Insightful)

    by blahlemon (638963) on Monday August 09, 2004 @02:10PM (#9922565)
    Once again, another "The Sky is Falling!" story from Slashdot. Patch vs. Crash, your very life might be at stake! Oh My GOD!

    Pshaw, what a pant load. Here's a more rational look at this.

    1: Chances are, your life won't be at stake. Any doctor or nurse worth their salt should be able to keep you alive without a computer. It's not like it's sitting in the room beside you, monitoring you. At least, not one running Microsoft

    2: Any System Administrator worth his/her salt never, ever, ever puts a patch on a critical system without first testing, testing, testing on another system.

    3: Also, any System Administrator with half a brain puts some type of firewall in place between the world and critical systems.

    If the above three conditions are not true then the failure has occured in more important places then Microsoft or the Software Provider.

    And BTW, Linux is not the solution here. Sure the vendor might be able to put together a fix faster with open source but there would still be some lag time; assuming the software vendor chose to make a fix at all and not take the same attitude they are taking with Microsoft.

  • by Anonymous Coward on Monday August 09, 2004 @02:12PM (#9922598)
    I work in one of the top hospitals in the US (Top 100 Wired, top 25 in a lot of the US News and World Report rankings, etc) as the principal technology architect, and I can say that people are idiots for going nuts and patching immediately.

    Our CIO, who's pretty well respected among his peers, asked us last week on deployment schedules for this. We pushed back and said, if we deploy now, we'll run into a host of issues. Over the weekend we did some cursory testing against most of our Patient care apps (a lot are web based) such as Cerner Millennium and GE's CentricityWeb. We're far ahead in the CPOE game for healthcare, so our devices are used for input of labs and orders.

    Most of the biomed equipment we have doesn't run Windows. Personally, if you do your environment right, then you shouldn't have to worry about viruses and stability.

    Healthcare doesn't function like the rest of the business world. It's a completely different animal.
  • by for_usenet (550217) on Monday August 09, 2004 @02:13PM (#9922607)
    I work with MRI scanners, so I know about these issues very well, and here's an example from my own experience:

    An old colleague of mine got funding to start his own reasearch group, meaning he got his own MRI scanner. He asked me to consult on some software that would extract the data from the console of a Siemens scanner (at the time, the console was based on an OLD version SunOS, whose native compilers did not even conform to standard ANSI C) and send it directly to another computer running software that we use for data analysis. The dialect of C was a little strange, but within a week, I was able to get the software together, and my colleague was able to do the type of experiments he wanted to. And his scanner hummed along. This was back in 2001.

    Fast-forward to the present. His console has since been "upgraded" to Windows XP system, and in the times I've spoken to him, he's had nothing but bad things to say about the stability of the "upgraded" system. And it's not that he had a choice, as support for his previous system was phased out. So now patients, doctors and reasearchers in his group are at the mercy of the moods of an XP system. And mind you - this system is not even on a publicly accessible network. It is on its own dedicated, private network, and its stability still can't be maintained, even by the support staff of the scanner manufacturer.

    When it comes down to it, Windows still does not have the stability (never mind the security issues to cut it in really "mission-critical" situations). Maybe in cases where you need your e-commerce site up, running, and handling 1000s of transaction per second. But NOT when peoples' lives are involved.
  • by foxtrot (14140) on Monday August 09, 2004 @02:15PM (#9922626)
    Firewalls won't help. If it runs Windows, some idiot's going to bring in a CD full of pictures from his latest vacation and the CD's going to be infected with MyDoom or (heck, probably and...) Sobig or any number of other nasties. Or it's going to be something he wants to print on the nice laser printer at the office.... there's a hundred ways to get infected just by clueless users.

    Pretty soon, the internal network's either too busy generating random traffic to do anything else-- and even if the Big Iron of the business, the dialysis machines and heart-lung devices and all those wonderful things that better damned well not break work fine, you've still got the terminal the nurse sits in front of that keeps track of when to issue you your shot that keeps you alive spending half its time rebooting because it's got Sasser.

    This is not a problem a firewall can solve, and it's pretty darned big: You can't go throwing software around willy-nilly to solve this problem (even though the real problem is that the users _are_ throwing software around willy-nilly), so you can't just go "oooh! A next-day patch from Microsoft, let's hope their two hours worth of QA before it walked out the door was good enough!".

    -JDF
  • by grunt107 (739510) on Monday August 09, 2004 @02:16PM (#9922644)
    All computer systems involved in patient care (and paper tracking as well) are forced to go through governmental processes for design, documentation and testing. These regulations add weeks, if not months, to system changes, regardless of change scope.
    Case in point is the drug study setup. Setting up data entry screens and processes can take up to 6 months for a given trial, and that trial may only run 3 months for the study metrics. If any of these processes are documented incorrectly, and entire trial can be dropped and the drug denied.
    This, in the hospital realm, is all about CYA. If a piece of equipment is not certified to this extent, the hospital can be held more liable for patient injuries if said equipment falters.
    • Really?! (Score:4, Interesting)

      by gillbates (106458) on Monday August 09, 2004 @03:04PM (#9923114) Homepage Journal

      All computer systems involved in patient care (and paper tracking as well) are forced to go through governmental processes for design, documentation and testing

      So, if the hospital installs an uncertified piece of software on the machine, then they would be at risk if death or injury occurs, not the vendor.

      If someone was injured by an unpatched machine, the hospital could pass liability back to the manufacturer - after all, they were in full compliance with the federally tested machine configuration. In which case, the manufacturer would be held liable for any injuries.

      But it doesn't stop there. The manufacturer could easily and convincingly claim that Microsoft overstated the reliability of their operating systems, and the failure was due to Microsoft's code. Convincing a jury that a Windows crash caused the injury would be a trivial exercise for even the most inexperienced attorney; almost everyone has had some experience with a Blue Screen of Death.

      Now comes the interesting part. Yes, the manufacturer may have agreed to the EULA, and may not be able to sue Microsoft. The patient, however, did not agree to the EULA, and having been damaged by Microsoft's code, could easily convince a jury, that in spite of the EULA, because Microsoft knew that their code was being used in medical devices failed to show due diligence to protect the user. Microsoft can't weasel their way out of this one, because the EULA doesn't apply to the patient. And, unlike the software liability cases, a medical malpractice case could easily charge the defendant with millions, or even billions of dollars in punitive damages.

  • by Datoyminaytah (550912) on Monday August 09, 2004 @02:23PM (#9922715)
    > Unfortunately, the stakes here could be human lives.

    Soon to be made into a movie starring Uma Thurman.

    It's called "Bill Kills".
  • by Zed2K (313037) on Monday August 09, 2004 @02:54PM (#9923035)
    This is just one of the many huge problems inside hospitals these days. Many people do not realize how often just a simple name and patient number gets assigned to the wrong person. Records get swapped with someone else or a gender or age gets changed. All these life threatening mistakes are human error. The problem is that the transcriptionists get paid per word. Not whether they word is correct and the document they transcribe is correct. It's also all about money and internal politics. They choose systems not based on whether its a good match for the hospital and the patients but based upon which board member is in bed with which company. They'll spend 10s of millions of dollars on a new system just because some higher up gets a kick back or has a golfing buddy. Then the system turns out to be total crap and they start the process all over. All the while they raise their cost of doing business and push it off to the patient.

    Knowing what I know there is no way in hell I will ever go to a hospital unless I'm already dead. Cause they'll kill you just sitting in the waiting area.
  • by LabRat007 (765435) on Monday August 09, 2004 @02:58PM (#9923066) Homepage
    Kinda give a new meaning to the blue screen of death huh?
  • by mboedick (543717) on Monday August 09, 2004 @03:11PM (#9923173)

    Are there really systems that human lives depend directly on that are running Windows?

    If my life ever depends on some software, I want the operating systems and all the other software to be mathematically proven to be correct and I want multiple backups/failsafes present. I don't want it to be some VB app running on Windows because it's quicker and easier to develop.

  • by pandrijeczko (588093) on Monday August 09, 2004 @03:20PM (#9923235)
    [Administrator] Ah, Mr Gates, welcome to our delivery room. As you can see, here we have the operating table, anaesthesia equipment & the surgeon's tools on this stand here... and of course our patient, Mrs Edna Sprockett on the table.

    [Gates] (pointing to a machine with lots of flashing lights) And that is?

    [Administrator] Aha, that's the Windows XP machine that goes "ping"!

    [Gates] (beaming) Very good... very good... and the patient? What's she here for?

    [Administrator] She's shortly to give birth, Mr Gates.

    [Gates] A birth, eh? So what's one of those then?

    [Administrator] That's when the doctor takes the baby from the lady's tummy.

    [Gates] Ah, I see. And will you be using the machine that goes "ping"?

    [Administrator] Of course, Mr Gates.

    [Gates] And you'll be wanting the upgrade of course...

    [Administrator] Upgrade, Mr Gates?

    [Gates](putting his arm round the adminstrator's shoulders) Administrator, as of Service Pack 2, your machine that goes "ping" will become a machine that goes "thweep ftang chortle whoop".

    [Administrator] Really, Mr Gates? Well, we'd better have one of those then.

    [Gates] (taking out a pen and a contract) Excellent! Well, if I can just have your signature here and a deposit for £100,000, I'll have the upgrade winging it's way to you first thing in the morning.

    [Administrator] (after signing contract and giving Gates a cheque) So, any other questions, Mr Gates?

    [Gates] (beaming) Yes, actually there is one. The patient? What's she here for?

    [Administrator] She's shortly to give birth, Mr Gates.

    [Gates] A birth, eh? So what's one of those then?

    etc.

  • by jafac (1449) on Monday August 09, 2004 @04:24PM (#9924031) Homepage
    Configuration Management means:
    - controlling the Configuration of equipment, in order to ensure consistent behavior.

    Unfortunately, Configuration Management often does not take into account the fact that when you put a system on a network, it becomes part of a larger system, and unless you manage the entire network of systems, then you cannot really control your conditions, nor can you ensure consistent behavior.

    This needs to be taken into account as a basic "sky is blue" assumption of Configuration Management.

    Sadly, it is not.
  • by theManInTheYellowHat (451261) on Monday August 09, 2004 @04:49PM (#9924291)
    This has been a real problem for a very long time in many industrial applications. And it is not limited to the OS but the box as well.

    The temptation is way to great for the bean counters and greedy sales typs to switch the robust hardware and OS for the commodity type and save a bundle up front.

    Consider a $500 PC and an $2500 industrial PC. If you let the bean counter do the math he will tell you about the 3ghz P4, GeForce 4 100 gig hdd v. the P3 20 gig with an average video card.

    Then you explain that the OS's have the same disparity in cost and he starts to get confused

    I have said many times before that we have Windows not because it was best but because it was cheapest. Same with the clone PC. MS got to be the default OS because it was generaly 50% of what the other OS's were.

    Now when it comes to saving lives the cost should not matter, however, it is still a business. And there are still bean counters and greedy sales people who get to make some very powerful decisions.
  • Bad idea anyway (Score:3, Insightful)

    by nurb432 (527695) on Monday August 09, 2004 @05:32PM (#9924640) Homepage Journal
    Preface: this is NOT a Microsoft/windows bash..

    Why in the world are they using a desktop operating system of any kind on medical equipment?

    I wouldn't care how stable it was, that doesn't belong in that market.. Embedded systems that are dedicated to the need are what should be used...
  • Vicious Circle (Score:3, Insightful)

    by simetra (155655) on Monday August 09, 2004 @06:43PM (#9925157) Homepage Journal
    Over the last 10 years, everyone's become accustomed to Windows. Everyone has Windows. Once everyone got Windows, they wouldn't use anything that didn't work on Windows. So, vendors began migrating everything to Windows. (I used to work for a software company and now work at a hospital). So now, all the vendor's software runs on Windows, and probably runs just fine... provided the Windows version remains the same as the one it was tested on, no patches are applied, and no other apps are installed onto the same machine. But, users are used to running everything they want on Windows. That, after all, is the point of Windows. Plus, Windows is way cheaper than other options. Not to mention training. So, we're stuck with Windows apps, and there's really no cheaper alternative out there. This would be fine and dandy, if the only problems with Windows were worms and viruses. But no, like regular windows, Windows breaks really, really easitly.
    Even the few vendors I've seen who have balls enough to release a Linux version of their software are tied to specific distributions, specific kernels, etc.

  • Oh come on! (Score:4, Insightful)

    by marshac (580242) on Monday August 09, 2004 @06:46PM (#9925182) Homepage
    Seriously, is the REAL problem the OS? I think the REAL problem is insecure networks. Lets think for a second about all of the Windows/IE vulnerabilities in the past several months... how many of them matter if you're not connected to a network? Windows 2000/XP in my experience has been quite good, and when properly maintained (ie: no junk installed), provides a very stable platform. No one should be "surfing the web" from the deliberation machine, nor can I really see why it would need a serious network interface.... Let alone access anything on the internet! I think what hospitals REALLY need are security experts to take a good long hard look at their network and decide what SHOULD, and what SHOULDN'T be on the LAN... and if some level of network connectivity is needed (ie: the ability to monitor equipment from across the hospital), this should be on a totally separate VLAN with NO access to the internet.... Internal routing only, no exceptions. Computers connected to this LAN wouldn't have removable media bays, so the threat of worms, etc should be mitigated by general inaccessibility.

    I know everyone on Slashdot would LOVE to blame the OS, but really... the fault is not with the OS as much as it is the networking admins, and even more likely, the administration for not providing the NAs with the support they need to make a properly secure network.

"If truth is beauty, how come no one has their hair done in the library?" -- Lily Tomlin

Working...