The incident has prompted Skåne Regional Council (Region Skåne) to change its routines regarding computers for medical treatments.
In January 2009, a patient who had an irregular heartbeat was connected to a medical treatment computer with electrodes. During a discussion with the patient, the council’s IT department suddenly took over the computer by remote control without warning.
The computer was not labelled as a medical computer, but a council one. Medical-labelled computers cannot be taken over by remote control with prior approval from the user.
After an investigation, it was revealed that the computer had been replaced in the summer of 2008. The previous computer had been marked as a medical computer and despite protests, the new computer, which had administrative privileges from the council IT department, was designated as a council one.
The aim was to look for computer viruses to delete from the computer after the council had been a victim of a serious computer virus attack.
This resulted in a potentially dangerous situation for the patient. A warning about the measure did not come quickly enough and doctors were forced to discontinue treatment, which was not in a decisive stage.
After several minutes, health care workers contacted the staff member who had taken over the computer remotely and restored their control over the machine.
“If the catheter treatment was in the midst of a critical stage at the time, it could have resulted in serious consequences for the patient,” the board wrote in a letter to the person in charge of Skåne University Hospital in Lund.
IT procedures were immediately altered after the incident. The board is satisfied with the enterprise director’s pledge to ensure that it is clear who is responsible for the medical computers, as well as maintaining smooth cooperation between different departments.
It also pointed out the risks involved in medical computers being connected to other networks.