The Buzz This Week
On July 18, cybersecurity firm CrowdStrike released an update to its Falcon Sensor product that inadvertently caused a massive IT outage. This glitch affected approximately 8.5 million Windows devices, more than a million of which are utilized by healthcare organizations. The bug in the update triggered a critical “blue screen” error, preventing many systems from rebooting.
The healthcare sector, already grappling with the aftermath of the Change Healthcare ransomware attack, found itself in turmoil once more. According to Neil MacDonald, Vice President and Distinguished Analyst at Gartner, this is the largest outage in a decade. Major hospitals and health systems had to postpone some services. According to the American Hospital Association, the severity of the outage varied across health systems. Those hardest hit activated backup plans and adjusted workflows while their IT systems were manually restored.
By Monday, most US hospitals and health systems had returned to nearly normal operations, thanks to intense recovery efforts over the weekend. However, these institutions are now dealing with downstream impacts from the outage, such as data backlogs, delayed treatments, and ongoing vulnerability assessments.
The outage also prevented hospitals from using Epic’s tools and products, forcing medical staff to revert to pen-and-paper charts. The outage also affected Epic’s cloud-based platform, Nebula, which uses Microsoft’s Azure, disrupting features like telehealth visits.
The recovery process is expected to take several days, especially for larger organizations with thousands of computers down. Smaller rural health systems, which often lack formal IT departments, may face even greater challenges in getting back online.
Why It Matters
The CrowdStrike outage underscores the critical need for healthcare organizations to prepare for vulnerabilities caused by heavy reliance on a few key technology vendors, as evidenced by the widespread disruption from this single incident.
Mitesh Rao, CEO of OMNY Health, stated during an NPR interview, “Everything runs on Windows in healthcare. Anytime you have one system driving so much, there’s a high risk of impact from failure. There are patients coming in through the emergency department every second who need immediate care. There’s car accidents. There’s heart attacks. There are people giving birth, all sorts of stuff just happening constantly.”
The federal Cybersecurity and Infrastructure Security Agency (CISA) warned that malicious actors might exploit the chaos caused by the outage for phishing and other harmful activities. CrowdStrike also cautioned that hackers were distributing a fake file, claiming it as a solution to the issue. This rapid exploitation of the situation highlights the urgent need for robust cybersecurity measures.
The interconnected nature of modern healthcare IT infrastructure means that a single point of failure can have far-reaching consequences. Unlike a targeted cyberattack that affects a single organization, this outage disrupted multiple companies that hospitals rely on. This incident serves as a stark reminder that technological resilience is essential to protect patient care and organizational operations.
Developing comprehensive disaster recovery, business continuity and communications plans is essential for mitigating the impact of future disruptions. By focusing on resilience, healthcare providers can enhance their ability to withstand and recover from unforeseen IT challenges.
RELATED LINKS
Axios:
Health system's tech vulnerabilities exposed again
Becker's:
'Worse than a cyberattack': 10 notes on the Microsoft-CrowdStrike IT outage
Healthcare Dive:
CrowdStrike outage hits US hospitals
Health Leaders Media:
Healthcare Takes a Breath After CrowdStrike Scare
WSJ Pro:
Fast and Automated: Global Tech Outage Shows Hazards of Cloud Software Updates
Editorial advisor: Roger Ray, MD, Chief Physician Executive.
