See, Merge is in the health care business. They’re owned by IBM, and they make machines for a number of different medical uses — ranging from eye care to orthopedics. They sell machines that are used in cardiology departments, too, and it’s one of those that was victimized by a piece of antivirus software.
Softpedia spotted a report on the FDA’s MAUDE (Manufacturer and User Facility Device Experience) system recently. The incident involved a Merge Hemo unit that was being used by doctors to monitor a patient during a heart catheterization procedure. In the middle of the operation, the monitor lost communication with the host PC that runs Merge’s software.
Doctors quickly noticed the screen was black and rebooted the computer, and fortunately the 5 minutes of downtime didn’t have any disastrous consequences. When they filed their report, Merge began investigating to uncover the cause of the failure.
Their findings: security software that had been installed on the PC had been configured to perform a deep scan every hour.
Administrative paranoia is understandable, what with all the ransomware infections that have taken down health care facilities this year… but it looks like some configuration tweaks need to be made to this particular system. Merge notes in their report that delays like the one caused by this overly-aggressive scanning setup could very well cause “a delay in care that results in harm to the patient.”