Heart surgery stalled for nearly 5 mins as anti-virus scan crashes computers

© Brian Snyder
A patient undergoing heart surgery at a US hospital was put at risk when the computer software being used to help carry out the procedure crashed due to an untimely anti-virus scan ‘improperly’ installed on the system.

The incident happened in February 2016, but has only just been reported on the website Softpedia after documents from the US Food and Drug Administration were released (FDA). An investigation by the federal body found that the medical equipment being used went off-line for more than five minutes.

The device itself is called Merge Hemo, which is a complex piece of medical equipment that helps supervise heart surgery procedures, when a doctor inserts a tube inside veins and arteries.

The piece of software has two parts, one of which is connected to the tubes in order to monitor them, and the second which is the program itself, which runs on the doctor’s computer and shows the data in regards to the medical procedure taking place. 

However, the software program underwent a most untimely anti-virus scan, causing the computer to crash while the surgery was taking place, as key data could not be accessed. The screen went blank and the doctors undertaking the procedure had to quickly reboot the computer.

No damage was caused as the patient was sedated at the time; however, the FDA will continue to look into the matter to make sure it is not repeated. The location of the hospital was not revealed.

“The cause for the reported event was due to the customer not following instructions concerning the installation of anti-virus software; therefore, there is no indication that the reported event was related to product malfunction or defect,” a report by the FDA stated, which was published on its website.

The anti-virus software was programmed to scan every hour, which breached the guidelines that should have been in place, as this meant that a scan could have taken place during an operation, which is exactly what happened.

"The intent of these guidelines is to configure the anti-virus software so that it does not affect clinical performance and uptime while still being effective. To accomplish this, the anti-virus software needs to be configured to scan only the potentially vulnerable files on the system, while skipping the medical images and patient data files,” the FDA statement added.

However, not all computer problems facing hospitals are down to human error. In March, a California hospital had its computer systems hacked with ransomware – a type of virus that prevents computer networks from functioning unless a payment is made to the cybercriminals.

The hackers initially demanded $3.6 million in the difficult-to-track bitcoin currency, but eventually settled for only $17,000 worth to return their systems to normal.

In early April, MedStar, a Washington DC-area healthcare provider, had to revert to using paper systems after a cyberattack took its computer network completely offline.
The problems meant that MedStar’s patients could no longer book appointments, and the healthcare provider’s 30,000 staff and 3,000 physicians were unable to access record systems, check their emails or even look up phone numbers due to a computer virus infection.