A patient undergoing heart surgery at a US hospital was put at risk when the computer software being used to help carry out the procedure crashed due to an untimely anti-virus scan “improperly” installed on the system.
The incident took place in February 2016, but has only just been reported on the website Softpedia after documents from the US Food and Drug Administration were released (FDA).
An investigation by the federal body found that the medical equipment being used went off-line for more than five minutes.
The device itself was called Merge Hemo, which was a complex piece of medical equipment that helps supervise heart surgery procedures, when a doctor inserts a tube inside veins and arteries.
No damage was caused as the patient was sedated at the time; however, the FDA will continue to look into the matter to make sure it is not repeated. The location of the hospital was not revealed.
“The cause for the reported event was due to the customer not following instructions concerning the installation of anti-virus software; therefore, there is no indication that the reported event was related to product malfunction or defect,” a report by the FDA stated, which was published on its website.
The anti-virus software was programmed to scan every hour, which breached the guidelines that should have been in place, as this meant that a scan could have taken place during an operation, which is exactly what happened.
“The intent of these guidelines is to configure the anti-virus software so that it does not affect clinical performance and uptime while still being effective. To accomplish this, the anti-virus software needs to be configured to scan only the potentially vulnerable files on the system, while skipping the medical images and patient data files,” the FDA statement added.
The hackers initially demanded $3.6 million in the difficult-to-track bitcoin currency, but eventually settled for only $17,000 worth to return their systems to normal.
In early April, MedStar, a Washington DC-area healthcare provider, had to revert to using paper systems after a cyberattack took its computer network completely offline.
The problems meant that MedStar’s patients could no longer book appointments, and the healthcare provider’s 30,000 staff and 3,000 physicians were unable to access record systems, check their emails or even look up phone numbers due to a computer virus infection.