Crazy to think about the consequences of a mistake like this. This was sent by a friend to an email list I'm on:
"Well, consider this community hospital fubared.
IT dudes running around pulling out their hair. If it wasn't affecting patient care it would be a humorous scene - but I can't check x-rays, or labs or anything.
Took out a horrendously bloody gallbladder this morning, and I can't tell (labwise) if she's still bleeding...not good."
Wow. Kinda makes me wonder if we should be using general-purpose computers for so many things. The anti-virus is kind of a major single point of failure for machines that need to do just a few specific things.
I don't think we need to move to special machines, we just need to move to sensibility in choices. Why do these need to be running Windows? Even if they're running Windows, why do they need an antivirus? Are you letting people open attachments from their email or browse the internet on the same box that you're using to read X-rays and other medical imagery? Kind of weird to do that, right?
I need to think about how to exploit this to promote the installation of *nix-based systems and get people to hire my company to do it.
Doc here: do you run a subversion client or an IDE on the same machine you check email or browse the web with? Kind of weird to do that, right?
I'm all for nix-based systems. Please, oh please, convince these people to go to nix and web apps (that aren't slaved to IE: e.g., AHLTA, or Fuji's Synapse imaging software). I will give you their numbers.
I actually freelance with a group that is making a web app for viewing medical imagery. Has a Flex-based frontend, though.
I guess I don't understand the use case -- I had assumed that the computers needed to tell if a patient was bleeding or not were connected to a machine that did some kind of image-taking or internal measurement, and that that machine was the stationary "is patient bleeding machine" computer. Do doctors generally perform analyses like that one on personal computers or normal workstations? I guess I just got a false impression from medical dramas or something.
What if the doctor reading the scan is in another city/country? That's becoming increasingly more common.
Though on the AV front it doesn't make sense to have all of your organization's computers running critical software update at the same time (no matter what software, it just happened to be the anti-virus this time).
Absolutely not. I use a virtual instance of Windows for that stuff. I'd never do web-browsing-like activities (or much network connectivity at all) on a machine that was about to compile a binary that might be duplicated thousands of times to thousands of places.
The Parallels Windows PC on my Mac was hit by this very problem. I had to restore to a 3-day-old snapshot just to get it running again. I feel bad for those who were running Windows bare-metal who can't just press a button and go back.
It'll all move to thin clients and the cloud. Just watch.
Not saying it's better, and in fact it'll be worse. The net goes down way more than the AntiVirus gets a bogus config file. But you'll see cash-strapped facilities get sold on the idea of cheaper clients on-site and a large server with a juicy maintenance package behind it.
Best Practices, n.: Making the same mistakes everyone else does.
However, what are the odds of someone being able to make special-purpose machines to do everything COTS boxes are used for, and making those machines as fast, cheap, and reliable as COTS systems are now? Some things seem obvious (x-ray machines, lab machines) but accounting and record-keeping? Going back to adding machines and purely manual filing is not an option in a large hospital, especially if it has to maintain modern standards of patient care over a large patient population.
I think virtualization takes you a long way towards the solution to this issue. With Win7 I've gotten into the habit of routinely working on virtual instances using the boot from .vhd feature. This means that if something goes wrong my host is not impacted and I can revert to an earlier version of my .vhd to solve problems like this one. The standard IT "wait and see" policy makes this something that will take a while to become common, but I think it is the way to go for pretty much any critical path task you do on a Windows PC (other OSes such as OS X have similar features as well, but I only use OS X for "media" stuff).