You know, there’s nothing that quite fills the heart with that warm, comfortable feeling of pants-crapping terror like the words “medical equipment” and “malware” in the same sentence. But it’s an increasing problem in America’s hospitals. A mixture of human stupidity, outdated versions of Windows, and terrible computer security means that the giant radiation gun your doctor is waving around has a pretty good chance of packing the ILOVEYOU virus.
The problem is pretty simple. Most medical equipment is computerized, and thus connected to the Internet, which is used by old people, who will download anything, even if it’s called “Your Computer Will Become Sentient and Commit Horrifying Acts of Sexual Assault In Every Conceivable Orifice.” Complicating the problem? The ancient and busted software that, due to corporate paranoia, can’t even get a copy of Norton:
In a typical example, at Beth Israel Deaconess Medical Center in Boston, 664 pieces of medical equipment are running on older Windows operating systems that manufactures will not modify or allow the hospital to change—even to add antivirus software—because of disagreements over whether modifications could run afoul of U.S. Food and Drug Administration regulatory reviews, [computer security expert Kevin] Fu says.
As a result, these computers are frequently infected with malware, and one or two have to be taken offline each week for cleaning, says Mark Olson, chief information security officer at Beth Israel.
Oh, and some of them are nuclear medicine machines.
The good news is that, so far, our nation’s medical equipment being a bunch of outdated virus-riddled turds has not killed anyone. Also, hackers seem uninterested in, say, telling hospital computers to kill. So far. But it would be really nice to have these FDA rules revised to allow software updates, mkay?