Memories now of what we were given at the hospital long ago: our obstetrics ward was using Philips OBTraceVue software. The original FDA-approved system required Philips to package the OS and hardware all together, so we were given a bunch of generic Compaq desktops to run their fetal heartrate monitoring on.

The biggest annoying complaint was "we want to run our EHR software on it!" but because of the FDA requirements, we weren't allowed to install anything on the box. Yet somehow providing AV could be OK in some cases, and in other cases installing Citrix? And then we'd somehow find out someone managed to install the EHR client onto it anyways and it became a big old mess to have to have Philips come send a tech out of their own to reimage a PC we couldn't "legally" service.

It was a big messy pain for a while back in the day. Was happy when we finally got to upgrade to the newer IntelliSpace software on our own PCs in the ward. (Also got to meet a support engineer that came out rocking an Agilent badge, so that was super cool on its own right of history...)

> somehow providing AV could be OK in some cases, and in other cases installing Citrix?

The only way this could possibly have passed FDA scrutiny would be if the original manufacturer had validated this particular system configuration and approved it.

There's probably tons of stuff like this going on all over the place, but it manages to say under the radar, so no one notices it. But with the FDA's increased scrutiny on cybersecurity it will eventually disappear.