No surprise there. Until about a year before I left my previous place of employment, all the fetal monitors in the patient rooms had no anti-virus software whatsoever.
From Ars Technica:
Drug-resistant bacteria aren't the only pernicious bugs that hospitals need to worry about. MIT's Technology Review reports that hospitals' computerized equipment—such as patient monitoring systems, MRI scanners, and nuclear medicine systems—is dangerously vulnerable to malware, and many systems are in fact heavily infected with viruses.
That's because many of these systems run on older versions of Windows—such as Windows 2000. Medical equipment manufacturers often won't support security patches or operating system upgrades for their systems, largely out of concern about whether such changes would require them to resubmit their systems to the Food and Drug Administration for certification.
The scope of the problem was the topic of a panel discussion (PDF) at a National Institute of Standards and Technology (NIST) Information Security and Privacy Advisory Board on October 11. Mark Olson, the Chief Information Security Officer at Boston's Beth Israel Deaconess Medical Center, told attendees that malware had infected fetal monitors in his hospital's high-risk pregnancy ward, to the point where they were so slow they couldn't properly record data.
"Fortunately, we have a fallback model," Olson said. "They are in an (intensive care) unit—there's someone physically there to watch. But if they are stepping away to another patient, there is a window of time for things to go in the wrong direction." The systems have since been replaced with new ones—based on Microsoft's Windows XP.
"The systems have since been replaced with new ones—based on Microsoft's Windows XP." Oh, that's reassuring…
That's pretty much what I was thinking. Windows XP, a version that is on life support as it is, is their way of upgrading systems.
Personally, they need to switch these things to Linux. Debian would probably be a good choice, as their distribution is fairly hardened for servers as it is. I wouldn't recommend reinventing the wheel with a custom OS, as then their programmers will probably just trip all over themselves making the same mistakes that every other OS has run into and fixed already.
It could be a lot worse; they could be running Android.