DIY Dongle Breathes Life Into Broken Ventilators

We have a new hero in the COVID-19 saga, and it’s some hacker in Poland. Whoever this person is, they are making bootleg dongles that let ventilator refurbishers circumvent lockdown software so they can repair broken ventilators bought from the secondhand market.

The dongle is a DIY copy of one that Medtronic makes, which of course they don’t sell to anyone. It makes a three-way connection between the patient’s monitor, a breath delivery system, and a computer, and lets technicians sync software between two broken machines so they can be Frankensteined into a single working ventilator. The company open-sourced an older model at the end of March, but this was widely viewed as a PR stunt.

This is not just the latest chapter in the right-to-repair saga. What began with locked-down tractors and phones has taken a serious turn as hospitals are filled to capacity with COVID-19 patients, many of whom will die without access to a ventilator. Not only is there a shortage of ventilators, but many of the companies that make them are refusing outside repair techs’ access to manuals and parts.

These companies insist that their own in-house technicians be the only ones who touch the machines, and many are not afraid to admit that they consider the ventilators to be their property long after the sale has been made. The ridiculousness of that aside, they don’t have the manpower to fix all the broken ventilators, and the people don’t have the time to wait on them.

We wish we could share the dongle schematic with our readers, but alas we do not have it. Hopefully it will show up on iFixit soon alongside all the ventilator manuals and schematics that have been compiled and centralized since the pandemic took off. In the meantime, you can take Ventilators 101 from our own [Bob Baddeley], and then find out what kind of engineering goes into them.

51 thoughts on “DIY Dongle Breathes Life Into Broken Ventilators

  1. I don’t know why the article is blaming the companies, I don’t believe the author is that naive but maybe they are an easy target.

    If they let some schmo fix the ventilator and later it kills someone (perhaps someone who would have survived without a vent at all). Then people go knocking at the manufacturers door.

    Regulators could help by protecting manufacturers from any come back for poorly maintained or fixed ventilators then lower the barrier to entry to the market and suddenly this problems goes away.

      1. Don’t think a hospital tech is the definitve source on such a matter, especially via chinese whispers. But that would be good news.

        From my experience that is far from true. Unfortunately, a lawsuit you know you can beat is still often not worh the hassle.

        The Vaginal Mesh controvesy is a good example of how manufacterers can end up being persued pretty much at all costs if their product is called into question. I can imagine in some places – like the US – where liability and fault is tenacious and spreads rapidly into all parties manufacterers will be increasingly incentivised to make products almost impossible to service.

      2. Unfortunately, that makes little difference in the real world.

        One of the companies I work for is still, after 12 years, tied up in a lawsuit over liability for a wrongful death. The work we did didn’t fail. It wasn’t even involved with what did fail. Even if our work HAD failed, we would be, legally, held harmless, by contract and by statute, and this was acknowledged by the plaintiff up front. We are still paying attorneys and keep getting dragged in to court.

        There are actual issues here. But we aren’t who should be getting sued. Unfortunately, most of the ones who should are, for practical purposes, untouchable (not in the US, company shut down to avoid the suit, or deceased). So, TAG! You’re it! is the game.

      3. That’s great. I’m glad we have a qualified lawyer for the jurisdiction of “Earth” who can speak on the matter. It’s a shame his jurisdiction doesn’t extend to space, but there’s probably no ventilators on the ISS.

        Seriously, “Someone, with no qualifications and an unknown jurisdiction said…”? HAD deserves better than this.

    1. Back in the days of paper, almost every datasheet had an identical disclaimer on the last page noting that this particular part WAS NOT good enough for use in medical devices.

      Which was especially amusing seeing as we were paying extra for the mil-spec parts.

      I asked a TI rep about it once, wondering if there was actually some difference, maybe some certification thing.

      He said “Naw, if they can go into space they can go in a pacemaker. It’s just that if a medical machine fails *everyone* that touched it in any way get sued. Especially high profile industrial companies that are perceived as an easy target to write a “go away” check.”

      He himself had witnessed this several times, and after one or two rounds most companies just abandon the market, leaving it to dedicated medical device vendors that can then charge 10x normal.

  2. From what I’ve learned listening to the This Week In Virology podcast, a very very high percentage of COVID-19 patients who have to be put on ventilators subsequently die, so doctors are now avoiding that step whenever possible. It’s unfortunate that the tremendous expense and fuss we’ve gone through in obtaining ventilators hasn’t repaid us with better outcomes. The medical profession did what it thought best at the time, but COVID-19 has upended a lot of what we thought we knew.

    1. Yes I understand it’s an 80% mortality rate of ventilated patients. Protocols are changing in some places to introduce no invasive ventilation / high flow oxygen therapy etc. earlier as I understand it to prevent the deterioration of lung function.

      I was upgrading some NIV machines to enable high flow therapy but had to stop as there appears to be a software issue casuing the machine to output a significantly lower flow than is called for. The manufacturer is looking into it.

      But of course everything is hidden behind layers of obscurity so no chance of an outside party looking into the source code.

      1. “Post hoc ergo propter hoc”

        Its not the vent that causes the 80% mortality, its the severity of the disease that requires the vent, hence because the disease is more severe the mortality is higher.

        Avoiding the ventilator does not change the severity of the disease, really it just shows how depressing and futile some of the care is.

    2. Having to use a mechanical ventilators (CPAP, BiPAP) is never a good thing. It may relieve a symptom and thereby keep a person alive. But it generally does nothing to solve the underlying problem. However, it does come with significant risks of long-term damage or death. Especially with prolonged usage such as is needed to treat the worst off Covid19 patients.

      That being said, for Covid19 and some other conditions, it’s the best we have. If a patient suffering from Covid19 has to be put on a ventilator, there is a very real chance the patient will not wake up again. Depending on the numbers, survivability may be as low as 10%. But that is still far from 0. Every day there are people on mechanical ventilation who recover from Covid19. And yes, although new insights in Covid19 treatment causes doctors to wait longer before using a ventilator, there still is a big shortage in some states of the US.

      Where I come from, that is enough to justify the “tremendous expense and fuss”

    3. It seems that what we need is more ECMO, in my city, all COVID patients that are severe get put on ECMO, rather than ventilators, ventilators are kept as support for patients with less severe symptoms.

      Severe patients will die even on respirators because their lungs still get destroyed by the virus, and a respirator won’t help with that, what they need is to stop breathing altogether to let the lungs wait out the damage and then heal, even then, severe patients still die on ECMO….

      Unfortunately, ECMO isn’t really one of those things that one can hack away at like making a bag squeezer with an arduino.

    4. It’s been found that many of the patients can get by without a ventilator by placing them on their stomachs. Of course the hospital that came up with that couldn’t just say “Try putting them on their stomachs.”. Nooo. They call it “proning” and use six people to roll a person over. Do a search on covid-19 proning

    5. I think it’s an illustration of our medical system’s systemic tendency to vastly exaggerate certain risks, while ignoring others. And of course moving towards profit like a plant grows towards light. Not a conscious conspiracy, that would be idiotic—it’s happening all around the world, coordination like that would be impossible. Yet here we are, most likely through some mindless bias pointlessly built in to our basic medical philosophy. Every expert was wrong at every turn (so why do we venerate them??), the risk of this disease was vastly overhyped, people were plugged into vents for weeks or even months, sedated the whole time—a death sentence for most healthy people. Statistics are obviously being counted in very sensationalist and deceptive ways. And now the whole thing has attained a momentum of its own, is being used for political purposes, has entered the libidinal public unconscious as a massive shibboleth, and researchers are now wary to come forward with any opinions that break from these obviously erroneous early findings. Which makes sense, it’s understandable now that we’re essentially in the middle of a war and nobody wants to be seen as treasonous. Any slight skepticism whatsoever is instantly being branded a conspiracy theory and political sacrilege at the same time. Nobody is doing evil on purpose; everyone is doing what they think is right at the time, as you said. But obviously the foundation has cracked somewhere if it’s causing this.

      In the coming years we’re going to be dismantling what is happening here and it’s going to be horrendous. We’ve caused a great depression that will ruin hundreds of millions of people and their offspring for generations, most likely kill hundreds of millions as well through famine and strife… for something that’s maybe two to five times as bad as a cold. The cruelty and cowardice of this moment is astronomical. And not for the reasons most people are harping about. This has all the markings of a massive moral panic.

  3. There would be company making ventilators, but if you took home all the parts and tried to assemble it yourself, you would somehow get AK-47 and some tank viewfinders.

  4. While COVID has brought these issues a bit more into focus, the DRM-ing and walled-gardening of medical systems by their manufacturing has been an issue for a long time. The problem is that the it’s a very hard issue to explain to the average lay-person (because why would they want their medical machines maintained by someone not trained and certified by the manufacturer?) and a very hard issue to really do something about for the medical professionals themselves (because who do you even begin to complain to that won’t fall into the trap of the lay-person or laugh in your face as they cart your employers money to the bank). The people who buy the equipment often don’t understand the issues involved in maintenance themselves and in general they always want the latest and greatest in medical care (because why wouldn’t they). So the people that end up having to keep the equipment running are stuck between a rock and a hard place.

    I don’t really have a good answer to any of this. The best would be proper legislations, but then you have to explain this stuff to enough politicians in such a way that they go against the medical industry shoveling money into their back pockets/campaign funds.

    1. Seems to me this “release from liability in a time of crisis” problem has already been solved. Perhaps by an executive order or maybe by the passage of a bill, but the concept is not new. In normal times, the argument for DRM on medical devices to limit liability is stronger, but extraordinary situations call for extraordinary measures, and if my choice is to die because the ventilator is broken, or live by using a hacked ventilator with no recourse if it fails, I’ll happily release the manufacturer from liability.

      1. Lawsuits nearly destroyed the light aircraft industry where people would park an old plane for months or years then hop in and try to fly without doing any checks or inspections. Crash from things like gummy oil, clogged fuel lines, cracked wire insulation, wasp nest in the carb etc. Then they or their families would sue the manufacturer. The costs of defending themselves against people too dumb to make sure their aircraft were safe to fly put many manufacturers out of business.

        The US government finally put an 18 year liability limit on small aircraft on product defects. IMHO that’s too long of a term. I’d say 5 years. Anything failing past that would almost certainly be due to wear and tear or bad maintenance.

    2. Inability to repair medical equipment is only going to get worse as the FDA demands real security against attack by a physically present user on a system with no keyboard to enter a password.

  5. Medical equipment is in a world all of its own. I used to hang around med equip auctions and often ended up buying hugely expensive not too old equipment for literally the cost of a pint of beer, simply as it has no resale value and the traders know they cant shift them. Dialysis machines being fairly core to this due to the complex but still widespread use, with leased machines and hugely expensive consumables its like the inkjet printer cartridge cost vs printer cost economy on steroids. Parted out 27 dialysis machines over a couple of years, all of them were arguable servicable, all same make and model and all were under 12 years old. Some really nice parts in them, at least they didnt hit the crushers.

    1. I’m like 99% certain that if I ever want to get close to one of those “A HA!” hacker moments with something awesome, I need to start hanging around auctions and the like more often.

      How did those usually work? Was it surplus stuff you browsed online then just picked up, or did you actually go to some in-person auctions for this kind of equipment?

    1. Definitely not here in northern New England. Our local hospital system all but shut down in March and is only now starting to bring all of the doctors, nurses, and other folks back in to work now (more than 50% of area medical staff were put on furlough). The hospital itself was like a ghost town (I was in there a couple times this year for non-Covid related problems). Filled to capacity? No, not even filled to its normal daily level. Not even close.
      On the flip side, I have never been treated in the ER quite so quickly and by so many people who seemed suddenly very happy to have an actual patient to work on.

      1. It should be possible to hire buses to shift some patients to hospitals with available space. Take some of the seats out to make room for equipment.

        The #1 thing needed for starting to fix health care issues in the USA is to get rid of the stupid territoriality of insurance coverage. Health and medical insurance ought to work like vehicle insurance. If your car gets wrecked, it doesn’t matter where in the USA it happens or where you bought the insurance, it’s covered.

        Health insurance bought anywhere ought to be odd in any hospital or clinic in the USA. Get rid of requirements to have physical offices and that would be a huge savings. Health insurance could be sold online like The General, Progressive and other vehicle insurance companies do where they operate out of one place but still have agents that come to you.

        But of course that’s one thing the Democrats will not budge on at all. Same for limits on lawsuit payouts and what’s actual negligence, malpractice, avoidable errors VS completely unforeseeable problems that result in injury or death. That’s why hospitals started doing more and more tests, trying to look for as many things as they could in a person that *might* possibly somehow cause a problem in the ER. Yet still there can be surprises that’ll kill a patient on the table – which absolutely nothing could be done to prevent – yet people still sue the doctors and hospitals. It’s also why they so often try to cover up genuine screwups and may even spend more money in legal defense than just doing a payout for their goof.

        Leaving an instrument in a person after a surgery. That’s a screwup that at the least the total cost of fixing should be on the hospital.

        Unpredictable deadly allergic reaction to a drug. Sorry, bad luck. No big $$$ for the relatives. So we get dumb taglines in drug ads “Do not take this drug if you’re allergic to this drug.” How can you know before taking it?

        Insurance companies of all types also need to be pulled up short on how they resist paying out when there’s no question at all they should be paying, for example their client was drunk, ran a red light and hit someone. Yet they’ll spend huge amounts of money on a legal defense they cannot win, just to drag things out hoping the victim will give up and go away.

        1. Here is the U.K., if you’re in a road traffic accident and the other guy is blind drunk, your insurance will still pay out to him rather than fight it, because it’s Cheaper than bothering to investigate and fight it.
          Of course, you end up paying a higher premium next year.

    2. The source of the problem is that US hospitals are constantly filled to capacity by design in the first place, it’s a flaw in our privatized healthcare system. They were at capacity this time last year, too. That’s the reason the system is overloaded and killing people. Not because some people went to the bar or some lady at wal-mart didn’t wear a mask (although I think people wearing masks during a flu or cold season is a somewhat good idea). If we had a medical infrastructure that wasn’t designed from the ground up to screw you as hard as possible and make a buck, this wouldn’t have been a blip on anyone’s radar. Covid is a nothingburger, we’re having a disaster because our hospitals and institutions in general are a sham of titanic proportions. It’s all hollowed-out and fake. The virus itself really is just a slightly more serious cold. Don’t listen to all the bullshit being spewed as cover for the fact that none of our systems work.

        1. It _is_ the case that countries with universal health coverage, either funded directly by the state or indirectly through payments and subsidies, do better than the US. The result is more striking if you look at it on a per-dollar basis. The US spends a tremendous amount of money on health, yet has only average outcomes for the civilized world.

          Lack of insurance is a huge problem in the US. People are reluctant to get treated early, because of the expense. So they end up waiting until it’s critical enough to go to the emergency room, where the costs of treatment are 4-10x higher. It’s strange but true that the free-market solution is not optimal here. Individual choices don’t sum up to the best outcome for the whole. (There are a ton of other examples — you’ll learn them in any second-year econ course, once you’re done with the easy intro stuff.)

          Of course, you can do free-market _and_ universal coverage. We have that system in Germany. Everyone has to have insurance, but if you’re rich, you get to choose your plan, but you have to pay. Insurance companies are private, but heavily regulated and with a mandate. Doctors practices are all private, and many hospitals too. There are also state-run and charity hospitals, just like in the states. Health outcomes are far better than the US, and with less expense, partly because the costs are kept down by law, and partly because people get early treatment. Doctors earn very well here, but not to the (IMHO outrageous) extent that they are in the US. I’d much rather get sick here.

          If you’ve only lived in the US, maybe you don’t have the breadth of experience to be making international healthcare comparisons.

          1. Thank you for a thoughtful reply. My original reply was not so thoughtful. I was reacting to the hyperbole by qwert that the system was designed from the ground up to screw you as hard as possible, and that “Covid is a nothingburger.” Some hospitals in the US are getting full, yes. But to claim that’s the reason why people are dying is ignorant.

            I have only lived in the US, but I don’t think any one person’s anecdotal experience, regardless of how many countries he has lived in, gives him such a breadth of experience on a complex topic like this. To make that kind of comparison you need to look at far more data and other people’s experiences. But, one of the reasons I keep up with HAD is the varied backgrounds and experiences of the readers and the staff. I’m the kind of person who likes my assumptions challenged, so I appreciate that.

            Respectfully, I think there’s a confusion of terms. Universal health coverage and socialized medicine are not the same thing. Health coverage in the US is 91.5% as of 2018, and roughly 2/3 of those covered have private coverage and the remaining 1/3 have public coverage. https://www2.census.gov/programs-surveys/demo/tables/p60/267/table1.pdf Rate of coverage in the US is significantly higher for those above the poverty line, and cost of coverage plays a large part in lack of coverage. According to https://www.commonwealthfund.org/international-health-policy-center/system-stats/experienced-access-barrier, 33% of Americans didn’t fill a prescription or visit the doctor or skipped medical treatment or test because of cost, vs 7% in Germany for the same survey question. So, to your point I agree (and the data supports) that health care is very expensive in the US, and I think that’s the primary problem.

            Canada is the typical example that gets used to argue against socialized medicine in the US, and it provides a different comparison to Germany. Public health coverage is universal, yet a significant portion of the population still has private health insurance, and wait times for care can be so high that people travel to other countries to get the care they need and pay out of pocket for it. The point being, there are other factors at play.

            I would like to see data on outcomes being far better for Germany than the US. One counter-example, breast cancer 5 year survival rates are 90.2% for USA and 86% for Germany in a 2015 survey https://www.commonwealthfund.org/international-health-policy-center/system-stats/breast-cancer-survival-rate. That’s a single data point, and possibly statistically irrelevant (this appears to be a survey, not a scientific study).

            I’ve rambled on long enough, so I’ll make my final point: I don’t think price controls are the answer either. Things like that don’t come without a cost. If it’s working for Germany, I’m willing to bet there’s something else going on.

          2. These discussions are always interesting to read.

            It’s hard to compare and contrast free-market healthcare vs. anything else, because nowhere in the world has free market healthcare. Not Germany. Not the United States. Nowhere.

            It’s hard to compare quality too, since different people have different definitions of what it means to have quality care. To some people, a 90 year old who dies during a hip transplant got better care, but to others, the 90 year old who was denied the transplant and didn’t end up as a failed transplant statistic got better care. To some people the 50 year old who lost their premature-born baby from an IVF pregnancy and contributed to increased infant mortality got worse care than the 50 year old who was denied IVF in the first place.

            The only thing we can really all agree on is that the US spends too much money for what we get. ’cause the system is designed to generate cash flow primarily.

      1. I was present when Terry Pratchett, well before being diagnosed with Alzheimer’s, was speaking about his experience with socialized medicine in his country. When presented with limited and protracted options for a serious diagnosis, he finally said to his care givers “Did I tell you that I’m fecking rich?” That got things moving. I have heard stories that some Canadians, to avoid lengthy wait times, have had diagnostic imaging done by veterinarians. According to the following article, wait times were six months for an MRI performed at a hospital. At a veterinary clinic, “The MRI can be booked within days, and the results are back in 48 hours.” The difference in wait times is credited to the veterinary services being privatized.

        https://www.thecanadianencyclopedia.ca/en/article/veterinary-care-faster-than-health-care-for-humans

        “t’s all hollowed-out and fake.” and “… is just a slightly more serious cold,” yet “the source of the problem” is privatized health care?

    3. I can report on Texas. Case counts are increasing especially in urban areas like Dallas and Houston, and hot spots are getting higher hospital activity. State wide, right now 10,471 in hospital with Covid, and also a little over 10,500 ICU beds available. Over 5000 ventilators available.

      State health services website for up to date data: https://txdshs.maps.arcgis.com/apps/opsdashboard/index.html#/3f048ced32804271aafe8b9640bcb4a7

      According to Dallas county https://www.dallascounty.org/covid-19/, as of 7/14/20, 421 confirmed Covid hospitalizations and 181 available ICU beds.

      Take that data how you will, but I’d say far from “full” yet in this state.

  6. I get the impression that some if not all of the commenters have not read the article linked to so I will just put this quote here. It sums up the whole problem and why this dongle was made.

    The technicians who are unable to gain access to repair parts, manuals, and software are not random people who are deciding on a whim to try to fix complex medical equipment that

    is going to be used on sick patients. Hospitals and trained professionals are regularly unable to fix the equipment that they own unless they pay for expensive service contracts or annual trainings from manufacturers.

  7. With security so lax it CAN be replicated on a medical device, Medtronic probably no longer sells this device because they aren’t allowed-to. Recent FDA guidance requires reasonable cybersecurity to get approval.

  8. Former employer made stuff that went into medical equipment (to include vents). When I left that company, they were the sole western manufacturer of that type of widgets. Otherwise you went to Asia. And all of the major medical equipment companies bought these widgets from my former employer.

    While I was at this company, we were dragged into 11 torts where our widgets had no contributory factor. And the root cause for *ALL* of these suits was not equipment failure but operator and/or hospital repair technician error. So the issue that these “trained professionals” had no access to manuals or parts is by freaking design. People are stupid and most are too stupid to know that they are stupid.

    And that former employer has been directed by the mother corporation to exit all medical equipment design and manufacturing. Your cost will increase and your risk will increase. At least I am smart just enough to know that I am stupid.

    1. We even had to add in a service manual :
      “None-listed commands and/or actions are not to be executed”…
      Because even “trained professionals ” would do stupid shit like run random commands…

  9. I work in designing test equipment for aerospace and have also worked in medical equipment design and development.

    There are multiple issues in play:

    Besides the whole issue of protecting IP, we also deal with approval, liability etc.

    E.g. a big and expensive scanner got an upgrade. The CEO decided, that Unix sucked, and Windows was the only way forward. So, the software including drivers were ported to Windows XP. The scanner was then running for years in hospitals, and the hospital decided that all equipment and data was going on network. Ok.. all had then access to data.. unfortunately, XP is not that secure anymore, so software upgrade?? No. Software was only made for new products leaving the old equipment vulnerable. And then the worm hit.. Ask a hospital to pay xxxxxxxxxxxxx money for a new scanner , because the old (working) scanner is no longer supported? Hardly. Have other people service it? No. Warranty void… pay for extension of XP? NOPE..

    So, you have a lot of old software running and companies wanna make money and not having to re certify old hardware and new software..

    Equipment and software are normally paired and thus preventing outside tampering.

  10. I am an physician with board certification in Internal Medicine and Nephrology, intensive care experience as well a hardware hacker and software engineer.

    Symptomatic COVID-19 patients in need of oxygen supplementation – especially these with comorbidites such and Diabetes, Heart Failure or Kidney Disease – tend to deteriorate in an foudroyant manner with rapid need of endotracheal intubation and mechanical ventilation (often 5 – 9 days after onset of symptoms).

    In these cases the absence of a mechanical ventilation or intensive care capacities is *literally* a death sentence.

    Medical technology is highly complex and requires qualified maintenance, in the optimal case done by a certified technician of the manufacturer.

    However, it is preposterous to require manufacturer-certified maintenance in all cases in a pandemic with a respiratory pathogen, where thousands of people just die!

    Manufacturers should be bound by law to provide (free) emergency technical training, spare (or equivalent) parts and close assistance to the local medical device technician in charge of repairing the respirator.

  11. I invite you to visit Australia, without travel insurance, and break your leg during your visit. Not really, I wouldn’t invite anyone to break a leg (except actors….)

    Universal health care in Australia – try it before you criticise it.

Leave a Reply to HenrikCancel reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.