Dive Brief:
- A patient’s heart procedure was interrupted when antivirus software on a critical monitoring device caused the screen to go black and forced doctors to reboot the system before continuing.
- During the five minutes that the system was down, the patient was sedated and at risk of harm from the delay, the Food and Drug Administration said in an alert.
- The February incident underscores the potential risks when computers and computer systems are used in critical care settings.
Dive Insight:
The procedure, which involved a Merge Hemo programmable diagnostic computer, was successfully completed once the device was rebooted.
An investigation found the anti-malware software was performing hourly scans and attributed the event to customer error for not properly installing the software.
The product security recommendations explicitly state, ‘the intent of these guidelines is to configure the anti-virus software so that it does not affect clinical performance and uptime while still being effective,” the alert noted. “To accomplish this, the anti-virus software needs to be configured to scan only the potentially vulnerable files on the system, while skipping the medical images and patient data files.”
Lack of security updates is one reason medical devices often have preinstalled antivirus software, ars technical reported. Because of federal certifications, customers are prohibited from going in and modifying the software.
A recent cybersecurity report noted human error is a top security issue related to cybersecurity efforts.