Radiology Imaging, Diagnostic Imaging, Medical Imaging News, Education, Resources

Intensive Care Units (ICU) are areas at hospitals where people in need of special care are admitted. Those people need continuous monitoring for their condition. These units are normally equipped with high tech patient monitor machines, ECGs, and ventilators.Furthermore, ICUs normally keep higher standard of infection control to make them invulnerable to all kinds of infections due to the critical condition of their patients.

e-Infection!

I was visiting a local hospital recently to perform maintenance to a portable X-ray machine. While present, I noticed alerts on all PC screens in the ICU which were running the Critical Care Information system. All screens where showing a "McAfee Virus Alert". The list showed multiple virus infections. Even though ICU was equipped with high-tech patient monitors, ventilators and looked very clean and dis-infected, but it was; actually, infected with a special type of infection. This infection had no direct harm to the patient but it was definitely impacting patient care directly!

How a computer virus threatens life?

In these days, patient monitoring is not performed at bedside, instead, each patient is monitored centrally by nurses & medical staff; i.e., at the nurse station.  Thus, interruption in flow of clinical data between patient monitors and central monitoring system will definitely interrupt the monitoring of the vital signs of critically ill patients. Also; at critical care stations, physicians make electronic requests; i.e., for lab or imaging procedures. Virus infections can make those PC's slow or even completely down by corrupting some files. In fact, delay in exam requests is definitely “life threatening.”

Moreover, at critical care stations, physicians write their reports, notes or prescribe patients’ medication. Virus threats on these stations; again, will delay the whole process at the ICU. In my opinion, delays are not a sign of a well performing and effective ICU.

On the ground…

Frankly speaking, this ICU was not the only place where I have seen such virus attacks. Many places like neonatal ICUs, radiology departments, cardiology, and nuclear medicine had the same issue.

In 2008, one year after world-wide attacks of the well-known electronic viruses “the Trojan”, with different names such as DownaDop, Conficker, etc..., the Trojan hit most of healthcare information systems here locally in a matter of a week. Moreover, X-ray and ultrasound machines were also hit, especially those with MS-Windows XP. At that time, it took down 6 X-ray machines due to network problems.

Finally, we have to admit that hospitals here could be in trouble! In the near future we might see a crisis due to the fact that the number of medical equipment getting connected using TCP/IP networks is exponentially growing.

Problem and Solution!

The problem is not actually the "virus attacks", virus attacks take place everyday and everywhere, the problem is lack of network security and maintenance! In fact, if you are connected to the outside world then you are at risk! You don't have to be connected to the internet, allowing use of removable storage devices (i.e. USB devices) is the biggest source of invulnerability.

The solution is not easy but affordable and it is better to start now than never. Efforts to set standards for security in eHealth and for medical devices are taking place. HIPAA is one example of such standards. HIPAA is a governmental act in USA to ensure security and privacy of patients’ health records. Some of these requirements are securing health records from viruses.

Moreover, effort was provided by U.S Department of Veteran Affairs to design a model for secure network of medical devices. Another effort was expressed by Society of Hospital Information Management Systems (HIMSS) to encourage a medical device security disclosure, similar like a DICOM conformance statement.

In our country, the gap is very huge. We should immediately start somewhere. We neither have IT teams in hospitals nor experience in biomedical engineering departments to overcome virus attacks.

A plan to address this issue should be divided into three stages.

•     Stage 1. Putting IT security standards on our list of priorities.
•     Stage 2. Forming an independent IT support team in a hospital, independent from the medical device vendor. If the main issue is lack of resources, then the solution is to outsource it, just like electrical maintenance or waste management.
•     Stage 3. To Include IT support, network management, and network security in medical device RFP’s, and the service contract (service level agreement.)

Resources...

1.     When medical-device gets sick. Ellen Messmer, NetworkWorld.com, 2004
2.     Medical Device Isolation Architicture Guide, Department of Veterain Affairs, USA. 2004
3.     Trends in Medical Device Security. HiMSS.org (Bibliography)
4.     Cybersecurity for Medical Devices.Scott Bolte, GE Healthcare, 2005

Contributed by Hussein Alsayiegh

Source: http://www.kuwaitimaging.net/medical/content/when-viruses-attack-icu

---

Related news items:

• Radisphere Launches New site for Radiology Standards & Quality
• Wisconsin Radiology Practice Turns to McKesson for Full-Service Revenue Management
• Virtual Patient to be Presented at the Human Toxome Workshop
• Mobile Healthcare Industry Summit 2012
• Breast Imaging Innovations from Siemens on Show at Symposium Mammographicum

---

Comments (0)

Write comment

Name

Email

Title

Comment

smaller | bigger

Subscribe via email (registered users only)

I have read and agree to the Terms of Usage.

Add Comment