PC Auto-Update After Patient Given Anesthesia Causes Hospital to Cancel Exam

Plus what it wants to. Stick a sniffer in between the Win10 box and the switch and set it to record over the course of a month. You'd be amazed at what the Win10 box is doing, even if it's just "idle". Pay particular attention to IPv6 traffic, specifically NDP requests for the specifics. And yes, this is the volume-licensed Enterprise edition.

That's how IPv6 works. Windows 10 is not operating in an unexpected manner. Disable IPv6 and what you're talking about goes away.

Best I could find on short notice:

The IPv6 Neighbor Discovery protocol corresponds to a combination of the IPv4 protocols Address Resolution Protocol [ARP], ICMP Router Discovery [RDISC], and ICMP Redirect [ICMPv4].

In IPv4 there is no generally agreed upon protocol or mechanism for Neighbor Unreachability Detection, although the Hosts Requirements document [HR-CL] does specify some possible algorithms for Dead Gateway Detection (a subset of the problems Neighbor Unreachability Detection tackles).

The Neighbor Discovery protocol provides a multitude of improvements over the IPv4 set of protocols:

Router Discovery is part of the base protocol set; there is no need for hosts to "snoop" the routing protocols.

Router Advertisements carry link-layer addresses; no additional packet exchange is needed to resolve the router's link-layer address.

Router Advertisements carry prefixes for a link; there is no need to have a separate mechanism to configure the "netmask".

Router Advertisements enable Address Autoconfiguration.

Routers can advertise an MTU for hosts to use on the link, ensuring that all nodes use the same MTU value on links lacking a well-defined MTU.

Address resolution multicasts are "spread" over 16 million (2^24) multicast addresses, greatly reducing address-resolution-related interrupts on nodes other than the target. Moreover, non-IPv6 machines should not be interrupted at all.

Redirects contain the link-layer address of the new first hop; separate address resolution is not needed upon receiving a redirect.

Multiple prefixes can be associated with the same link. By default, hosts learn all on-link prefixes from Router Advertisements. However, routers may be configured to omit some or all prefixes from Router Advertisements. In such cases hosts assume that destinations are off-link and send traffic to routers. A router can then issue redirects as appropriate.

Unlike IPv4, the recipient of an IPv6 redirect assumes that the new next-hop is on-link. In IPv4, a host ignores redirects specifying a next-hop that is not on-link according to the link's network mask. The IPv6 redirect mechanism is analogous to the XRedirect facility specified in [SH-MEDIA]. It is expected to be useful on non-broadcast and shared media links in which it is undesirable or not possible for nodes to know all prefixes for on-link destinations.

Neighbor Unreachability Detection is part of the base, which significantly improves the robustness of packet delivery in the presence of failing routers, partially failing or partitioned links, or nodes that change their link-layer addresses. For instance, mobile nodes can move off-link without losing any connectivity due to stale ARP caches.

Unlike ARP, Neighbor Discovery detects half-link failures (using Neighbor Unreachability Detection) and avoids sending traffic to neighbors with which two-way connectivity is absent.

Unlike in IPv4 Router Discovery, the Router Advertisement messages do not contain a preference field. The preference field is not needed to handle routers of different "stability"; the Neighbor Unreachability Detection will detect dead routers and switch to a working one.

The use of link-local addresses to uniquely identify routers (for Router Advertisement and Redirect messages) makes it possible for hosts to maintain the router associations in the event of the site renumbering to use new global prefixes.

By setting the Hop Limit to 255, Neighbor Discovery is immune to off-link senders that accidentally or intentionally send ND messages. In IPv4, off-link senders can send both ICMP Redirects and Router Advertisement messages.

Placing address resolution at the ICMP layer makes the protocol more media-independent than ARP and makes it possible to use generic IP-layer authentication and security mechanisms as appropriate.
 
You call me out for saying Windows 10 is a hostile OS, then you tell me it should be beaten into submission? Uh huh.

EVERY DEVICE on my network gets beaten into submission, it's what we do. I have NEVER found something that works with the default config.

You can no more build a simple LAMP server without tweaking than you can a Windows client.
 
I see this more as an IT problem than a Win10 problem. They should have taken control and locked that thing down way before it was in a room with a patient.

I have little regard for lazy hospital IT staff.
Enterprise and embedded flavors of Windows 10 have very clear settings for not auto-updating. I am hard pressed to believe any piece of medical equipment would ship with Windows 10 Home edition or even Pro.
 
Personally I think the updating part is only part of the issue. This was the ONLY machine that they had to do the survey (that is at least the word that the page translated to). Yes the timing was bad, but why isn't there a spare computer in case that one breaks or does something like this. For something as major as a hospital you would think having a spare for major standard every day devices would be a must have when you are dealing with a good hospital.
Better question is why Windows is being used for something critical.
 
We all loathe software updates regardless if they are Windows updates, phone updates, etc. They interrupt our train of thought and sometimes they commandeer our devices and restart them on their own. A Norwegian hospital, Ostfold Hospital, experienced the nightmare of a lifetime as a patient who had already been administered anesthesia was unable to be examined because the hospital's PC decided to start a software update. This of course ended the anesthesia treatment and the subsequent examination had to be rescheduled. Luckily the patient was only in for a scheduled exam and the situation was not an emergency. Regardless it was surely a black eye for the hospital rated as one of "Europe's very best in the use of new technology in treatment."

The hospital has subsequently modified routines so that such events can not happen again. - The routines have been reviewed and changed, and in principle it should not happen again. This type of PC should no longer be able to go to update without getting started manually, says Vist.
Honestly, shouldn't this be more of an IT issue as well as a Windows 10 one? IT should schedule updates late at night when no one is around. Then again, sometimes my laptop updates whether I want it to or not.

Either way, I work at a hospital and that is embarrassing.
 
This is critical hospital equipment...... Why in the name of all that is holy is it connected to the internet? I could see it connecting to an intranet for management or monitoring, but this should not have outside access; what does it need it for... (Windows updates apparently) .... That is what a WSUS server is for. This whole situation just stinks of poor IT management practices.
Most computers in a hospital setting are connected to intranet. But yeah, IT dropped the ball on this one.
 
That's how IPv6 works. Windows 10 is not operating in an unexpected manner. Disable IPv6 and what you're talking about goes away.

Best I could find on short notice:
It's some good info and I do see where you are coming from. If you beat on the OS and sniff all the packets, disable what you don't like, it will behave.

The fact that I have to think about protocols to disable when I install Windows is not really a place most normal people instantly go when choosing and installing an OS.

On a related note, one thing that really upsets me is: IPv6 sounds really great, there is a problem though, it's much easier to track down than IPv4, so it's ideal for surveillance, even more than they already have now. The fact that the new Chrome browser auto logs you into Google, and you can't disable it in the Beta, seems to point toward some tightening on being anonymous. It's really getting bad. Seems they just want to tighten the data on everyone to so specific you'll be watched like a bug under a microscope.

The fact that ISPs can store and sell your data is not something I would imagine most people like, yet it's OK by the FCC now. I guess goodbye freedom, or was it already mostly gone?
 
Windows 10 Pro and GPedit, and set it to ask before download and install. Done; you just get a notification when an update is waiting (other options as well).
 
Windows 10 Pro and GPedit, and set it to ask before download and install. Done; you just get a notification when an update is waiting (other options as well).

I still don't like the fact MS changes or disables settings like that occasionally, and it only works on Pro, but that is a really good tip. I'm trying to be positive, so maybe they will stop changing or removing features. :)
 
I wonder if the person that normally uses the computer just kept putting off the updates until the deadline came due for the updates.

Same thing happens where I work. People refuse to let Microsoft System Center install the updates and then complain about it rebooting after 2 weeks of warnings every few hours.

Some people are just dumb like that.

We do have some machines that run long tests and such that are exempt from forced updates, but those same computers are generally only ever hooked up to the network for the purpose of installing updates or software.
Windows 10 in its default configuration does not prompt. It just reboots when it feels like it without warning, running apps be damned.
 
Sounds like clickbait and BS. Any IT team worth anything would set up updates properly with whatever suits the environment best, and would at least use WSUS if not SCCM.
And of course the PCs would be locked down properly with GPO.
 
Windows 10 Pro and GPedit, and set it to ask before download and install. Done; you just get a notification when an update is waiting (other options as well).
That gpedit option does not work in W10 Pro; it is there, but has had no effect since at least the last two Creators Updates.

The only thing that keeps w10 from randomly rebooting on you is if you pause updates in the advanced options of the peasant update settings. And of course that is only a temporary measure, and an inconvenient one. I don't want to pause updates just want it to wait for confirmation before rebooting.
 
Better question is why Windows is being used for something critical.

Or WSUS, there should be a proper updating management tool with specific windows for updates, restarts etc.
 
This is critical hospital equipment...... Why in the name of all that is holy is it connected to the internet? I could see it connecting to an intranet for management or monitoring, but this should not have outside access; what does it need it for... (Windows updates apparently) .... That is what a WSUS server is for. This whole situation just stinks of poor IT management practices.

Par for the course, sadly. Probably connected so IT can access/configure off-site.
 
If they were smart they would disable the updates and let the admin/staff do the rollouts themselves.
A ton of devices are sold with Windows installed to run the hardware, their maintenance is outside the normal IT department and run by original manufacturer. There is no one locally able to turn off updating and manually force updates, if that is even possible.
 
This is critical hospital equipment...... Why in the name of all that is holy is it connected to the internet? I could see it connecting to an intranet for management or monitoring, but this should not have outside access; what does it need it for... (Windows updates apparently) .... That is what a WSUS server is for. This whole situation just stinks of poor IT management practices.
If you're not patched, you're vulnerable to exploits. If you're on the intranet, you're on the internet indirectly and still vulnerable.
 
This is critical hospital equipment...... Why in the name of all that is holy is it connected to the internet? I could see it connecting to an intranet for management or monitoring, but this should not have outside access; what does it need it for... (Windows updates apparently) .... That is what a WSUS server is for. This whole situation just stinks of poor IT management practices.

To my memory the articles didn't specify what type of equipment, so the criticalness of it seems to be solely guess-based or strongly subjective in your post.
Nevertheless, you have to realize this is a Scandinavian country and not the third world of the US. Everything is pretty much online. The health system works a lot better over there.

Judging the entire IT structure on a single situation seems to just be the usual "well, I know better because I think I'm smarter" attitude rather than based on any real analysis.

I would just really prefer if people could go back to debating facts, instead of trying to come off as smart on a forum by extrapolating and making things up.
 
Oh god, get over Win10 being a hostile OS. Like ANYTHING it can and should be beaten into submission. And yeah, any staff that throws out a Win10 deployment that doesn't call home to your own servers is LAZY in a fucking enterprise setting.

And it sounds like you might need to have a long talk with your boss...



I suppose since I'm deploying 100% via SCCM I see things a bit different than most. Win10 does exactly what we tell it to. Nothing hits the floor that isn't a fresh install based on one of our test builds.

Same thing we did on Win7, just newer tools.


THANK YOU for posting this...I also image and deploy computers using SCCM/MDT (Win10 Enterprise) at work, and ALL updates are manually validated before being green-lighted, and they can only be installed during off-hours.

This hospital story is a direct reflection of how shitty the IT PC software administration is from the hospital, itself.

I get that most hospitals don't have "off-hours" since they are 24/7/365 operations, so that's when critical PC asset management with redundancy comes into mandatory play.
 
If it was a specialised piece of diagnostic equipment, it may be only the manufacturer who can service it; that includes any software installed on it, AFAIK.
 
See, now maybe I am not fully understanding what the article is trying to say as I don't know how well the translation was but it sounded to me like this was not controlling the anesthesia. It sounded to me like this was a device used to access patient information. Like the carts they take around to do admissions at many hospitals.
Whoa, dude, one does not read the article before commenting.
 
Personally I think the updating part is only part of the issue. This was the ONLY machine that they had to do the survey (that is at least the word that the page translated to). Yes the timing was bad, but why isn't there a spare computer in case that one breaks or does something like this. For something as major as a hospital you would think having a spare for major standard every day devices would be a must have when you are dealing with a good hospital.

It's all about cost (hospitals are businesses after all).

We have a customer who occasionally sends us little blue shoebox computers that run some sort of cancer-related equipment for repair. These boxes run Windows XP and are essentially Core 2 Duo PCs that cost hundreds of thousands of dollars (not a typo, $100,000+). Thank god they don't get connected to the internet at least.
 
Written into the Windows EULA:

"This software is not suitable for Mission Critical Applications"

This is why closed-loop, ground-up systems are sometimes better: more hack-proof, and guaranteed stability through lack of change in operating conditions (i.e. no side software running in the background that isn't critical to the main purpose).
 
It's all about cost (hospitals are businesses after all).

We have a customer who occasionally sends us little blue shoebox computers that run some sort of cancer-related equipment for repair. These boxes run Windows XP and are essentially Core 2 Duo PCs that cost hundreds of thousands of dollars (not a typo, $100,000+). Thank god they don't get connected to the internet at least.

In defense of the company, FDA regs and testing make testing certification a costly and long process. Any changes require re-certification. Any anomalies/changes in operation have to be logged via CFR21 Part 11.

That said, as Windows XP is no longer supported, the gov't should put a regulation in there that removes certification once support ends.
 
Slightly off topic but...

Is there any way to stop Win10 from updating? I have a PC that needs 100% uptime. Automatic updates are a big no-no.

If it doesn't need access to the internet, don't give it a default gateway or block it from the internet with your firewall.
 
Slightly off topic but...

Is there any way to stop Win10 from updating? I have a PC that needs 100% uptime. Automatic updates are a big no-no.

On a domain, per administrative policy, you can FORCE Windows Update to download only updates approved by IT.

Or you can go into Windows 10 Windows Update, configure the advanced options and turn it off.
 
Oh god, get over Win10 being a hostile OS. Like ANYTHING it can and should be beaten into submission. And yeah, any staff that throws out a Win10 deployment that doesn't call home to your own servers is LAZY in a fucking enterprise setting.

And it sounds like you might need to have a long talk with your boss...



I suppose since I'm deploying 100% via SCCM I see things a bit different than most. Win10 does exactly what we tell it to. Nothing hits the floor that isn't a fresh install based on one of our test builds.

Same thing we did on Win7, just newer tools.

Not only that but the update screen says Software Center. Which means this computer DID do exactly what someone told it to do. That person fucked up, whoever triggered the deployment, and not Windows 10.
 
Jesus.

I work in a hospital. We have a few, very few, Windows computers that are actual desktops, and that is just because we need a few with CD drives to display imaging. Every other one is a WYSE terminal running a locked-down remote instance of Windows on our servers via Citrix.
 
That gpedit option does not work in W10 Pro; it is there, but has had no effect since at least the last two Creators Updates.

The only thing that keeps w10 from randomly rebooting on you is if you pause updates in the advanced options of the peasant update settings. And of course that is only a temporary measure, and an inconvenient one. I don't want to pause updates just want it to wait for confirmation before rebooting.

In what way does it not work?

Set it to GPedit > Computer Configuration > Admin Templates > Windows Components > Windows Update > Configure Automatic Updates > pick Enabled and use > 2 - Notify before downloading and auto install (make sure "Install During Automatic Maintenance" is unticked).

Do note the 3rd option, "3 - auto download and notify to install", seems to not work and still installs them even though it says it will notify you, so I changed it to option 2 (200-500 MB updates in one go are nothing to me).

I also, via the normal Windows Update page > adv options, set Windows to the non-targeted channel, 100 days delay on feature upgrades and 15 days on normal updates (as MS can no longer be bothered to test their updates properly any more; MS normally pulls buggered updates within 7 days when they release a broken update and pushes out a fixed one).

It cannot install the updates until you press check for updates (pressing check for updates seems to be the same as pressing download) or press download (you get a notification bubble next to the clock whenever there are updates waiting to download, and a popup near it as well).

Note: install your own antivirus, as that auto-disables Windows Defender (which I expect most would do on here), as Windows Defender will cause endless Windows Update notifications that there are updates available, since it uses Windows Update to get Windows Defender updates.
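An added audit script (not posted by anyone in this thread) that reads the registry values the "Configure Automatic Updates" policy above writes, so an admin can confirm a machine really is on option 2 with the maintenance install unticked, and optionally apply that state. The `AUOptions`, `NoAutoUpdate`, `UseWUServer` and `WUServer` names are the documented ones for this policy; `AutomaticMaintenanceEnabled` as the value behind the "Install During Automatic Maintenance" checkbox and `NoAutoRebootWithLoggedOnUsers` are assumptions based on the standard ADMX, and a domain GPO will overwrite anything set locally.

```powershell
# Added example, not from the thread: audit the policy registry values behind
# "Configure Automatic Updates" and optionally apply the recommended state
# (AUOptions = 2, "Install during automatic maintenance" unticked).
# Run in an elevated PowerShell on the machine being checked.

$AuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$WuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

# Documented meanings of the AUOptions value written by the policy
$AuOptionMeaning = @{
    2 = 'Notify before downloading and auto install'
    3 = 'Auto download and notify to install'
    4 = 'Auto download and schedule the install'
    5 = 'Allow local admin to choose setting'
}

function Get-AutoUpdatePolicyState {
    $au = Get-ItemProperty -Path $AuKey -ErrorAction SilentlyContinue
    $wu = Get-ItemProperty -Path $WuKey -ErrorAction SilentlyContinue

    # Missing values read as $null; [int]$null is 0, i.e. "not set".
    $option      = if ($null -ne $au -and $null -ne $au.AUOptions) { [int]$au.AUOptions } else { $null }
    # Assumed value name for the "Install during automatic maintenance" checkbox (1 = ticked)
    $maintenance = if ($null -ne $au) { [int]$au.AutomaticMaintenanceEnabled } else { 0 }
    $meaning     = if ($null -ne $option) { $AuOptionMeaning[$option] } else { 'not configured (Windows default: automatic)' }
    $wsusServer  = if ($null -ne $wu) { $wu.WUServer } else { $null }

    [pscustomobject]@{
        PolicyPresent            = ($null -ne $option)
        AUOptions                = $option
        Meaning                  = $meaning
        InstallDuringMaintenance = ($maintenance -eq 1)
        # Separate documented policy; it only affects scheduled installs (option 4),
        # so it is reported for completeness rather than relied on.
        NoRebootWithUsers        = ($null -ne $au -and [int]$au.NoAutoRebootWithLoggedOnUsers -eq 1)
        WsusServer               = $wsusServer
        UsesWsus                 = ($null -ne $au -and [int]$au.UseWUServer -eq 1)
        MatchesRecommendation    = ($option -eq 2 -and $maintenance -ne 1)
    }
}

function Set-NotifyBeforeDownload {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # Writes the same values gpedit would; use -WhatIf first to preview.
    if ($PSCmdlet.ShouldProcess($AuKey, 'Set AUOptions=2, AutomaticMaintenanceEnabled=0')) {
        if (-not (Test-Path $AuKey)) { New-Item -Path $AuKey -Force | Out-Null }
        Set-ItemProperty -Path $AuKey -Name NoAutoUpdate -Value 0 -Type DWord
        Set-ItemProperty -Path $AuKey -Name AUOptions -Value 2 -Type DWord
        Set-ItemProperty -Path $AuKey -Name AutomaticMaintenanceEnabled -Value 0 -Type DWord
    }
}

$state = Get-AutoUpdatePolicyState
$state | Format-List
if (-not $state.MatchesRecommendation) {
    Write-Warning 'Automatic Updates policy is not option 2 with the maintenance install unticked.'
    Write-Warning 'Run Set-NotifyBeforeDownload -WhatIf to preview the change, then without -WhatIf to apply it.'
}
```

Checking the reported state again after a feature upgrade is worthwhile, since the thread notes these settings have been reset by upgrades before.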
 
In what way does it not work?

Set it to GPedit > Computer Configuration > Admin Templates > Windows Components > Windows Update > Configure Automatic Updates > pick Enabled and use > 2 - Notify before downloading and auto install (make sure "Install During Automatic Maintenance" is unticked).

Do note the 3rd option, "3 - auto download and notify to install", seems to not work and still installs them even though it says it will notify you, so I changed it to option 2 (200-500 MB updates in one go are nothing to me).

I also, via the normal Windows Update page > adv options, set Windows to the non-targeted channel, 100 days delay on feature upgrades and 15 days on normal updates (as MS can no longer be bothered to test their updates properly any more; MS normally pulls buggered updates within 7 days when they release a broken update and pushes out a fixed one).

It cannot install the updates until you press check for updates (pressing check for updates seems to be the same as pressing download) or press download (you get a notification bubble next to the clock whenever there are updates waiting to download, and a popup near it as well).

Note: install your own antivirus, as that auto-disables Windows Defender (which I expect most would do on here), as Windows Defender will cause endless Windows Update notifications that there are updates available, since it uses Windows Update to get Windows Defender updates.
Just as you say, option 3 is ignored, it will still install updates and re-start the computer unattended without user consent.

No matter what settings you use rebooting is going to be automatic or at best opt out. That is garbage. And useless for me. Reboots should be opt-in. Not opt-out.
 
Just as you say, option 3 is ignored, it will still install updates and re-start the computer unattended without user consent.

No matter what settings you use rebooting is going to be automatic or at best opt out. That is garbage. And useless for me. Reboots should be opt-in. Not opt-out.

Is that all you looked at, "installs anyway"? Option 2 - Notify before downloading and auto install works perfectly fine (as long as "Install During Automatic Maintenance" is also unticked on the same "Configure Automatic Updates" policy option).
 