Anti-Malware Scan Stops Cardiac Catheterization Procedure

It is important for anti-malware solutions to be used to protect medical devices, although care must be taken when configuring software. As was recently highlighted at a U.S. hospital, a software misconfiguration has the potential to have an adverse effect on patients.

Earlier this year, a cardiac catheterization procedure had to be halted when a hemo monitor PC was prevented from communicating with the hemo monitor. This resulted in the hemo monitor screen going black, preventing the operating room staff from viewing the patient’s physiological data.

There was a delay to the procedure of around five minutes while the application was rebooted, during which time the patient was sedated. The procedure continued after the application was brought back online and was completed successfully, although the delay could potentially have caused the patient to come to harm.

The Food and Drug Administration (FDA) has recently issued a report on the incident, which occurred on February 8, 2016.

The FDA investigation revealed that the temporary failure of the equipment – Merge Hemo V9.40.1 – was not due to a fault or malfunction with the programmable diagnostic computer or monitor, but with the anti-malware software that was used to protect the device from malicious software installations. The anti-malware software had been configured to scan all files, including patient data files and medical images. This was against the recommendations of Merge Healthcare, the manufacturer of the device.

According to Merge Healthcare, improper configuration of anti-malware software can result in downtime and may have an adverse effect on performance of the equipment. While it is important to regularly scan for viruses and other malicious software, it is essential that software is correctly configured.

Merge healthcare advises users to only scan for vulnerable files and to skip patient data files and medical images, which was clearly stated in the guidelines supplied with the equipment. The incident was attributed to human error when configuring the software.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.