Market factors meet medical gear, upgrades

Aug 30, 2004

After last week’s BackSpin rant about the upgrading (or lack thereof) of medical devices, feedback was prompt. Reader Don Dickerson was one of the first to write in: “Concerning any unpatched operating system in medical devices . . . the solution is so obvious. Why are they using a commodity operating system in the first place? I am quite certain that those made with proprietary operating systems in ROM don’t have this problem, and since when does a device such as a drug-dispensing pump, defibrillator, EKG, etc., need an operating system like Windows!?”

Dickerson went on to point out that while the GUI might be nice, it is “overkill [and even] Linux and other operating systems are rather inappropriate for this sort of application.” He added that “MRI and CAT scan machines almost universally use their own [operating systems]. [The manufacturers] say they don’t trust anyone’s code but their own.”

Dickerson concluded with the observation that “an operating system in ROM cannot be changed or attacked. And patches are only needed if the manufacturer’s programmers make a mistake or want to add a feature.”

Reader Rick Hampton was annoyed with me: “You have perpetuated all the stereotypes clinicians have of IS people. Namely, that IS types live in their own world and are not capable of understanding other people, the real world or how to solve a real problem.”

Perhaps my point wasn’t clear. To all clinicians who read BackSpin let me make this unambiguous: The medical device upgrade mess is not any single entity’s fault and certainly not the fault of IS folks.

What created this mess was the economics of the free market colliding with computer technology and the medical world. As I have discussed, the free market as it applies to computer technology votes as it does for a certain combination of values (such as cost of acquisition, implementation and return on investment), and the result is often at odds with political value (public policy and safety, the need to suck up to constituents and lobbies, and so on).

Hampton noted that “it’s not exactly like the vendor is in the dark about their system’s environment. It is not uncommon for a manufacturer to refuse to sell you the equipment or install it unless you specifically agree to all of their terms and conditions. So if the manufacturers install the stuff, is it not reasonable to expect them to design it to function properly and be readily upgradeable when needed?”

Interesting thought – I wonder how often the device vendors say, “Thou shalt not connect this device to a network or any other source of potential risk of malware or hackers.” If the vendor doesn’t say that, the onus of protecting the devices falls on owners. And if the vendor can’t upgrade without the Food and Drug Administration’s approval and the device is in a hostile environment and the owner can’t protect it, then it is pretty easy to see where the responsibility lies.

It all comes down to politics and economics. That is the way it is. . . . If you can’t replace the equipment and can’t get the manufacturer to upgrade it, then that is the status quo, and short of getting some laws enacted or modified (both probably not good ideas) it will remain the status quo.

You could argue that the FDA is at fault. It is the authority that licenses medical equipment and has tied manufacturers’ hands by making it a long, slow process for them to have upgrades approved. But the FDA is chartered with protecting public health, and that requires making sure manufacturers produce equipment that is safe (trusting manufacturers and commercial operating system vendors to get it right where lots of money is involved and liability is an issue seems unwise when lives are at stake).

The reality is it is all about politics and economics, not computer technology and IS people. I just want everybody involved to stop whining.

