Tips for Defeating the Aftermath of the CrowdStrike Outage

Software Patch Disruption Impacting Healthcare Institutions

On July 19, a software patch released by CrowdStrike caused widespread outages at organizations using Microsoft Windows devices. The issue resulted in the “blue screen of death” error, disrupting operations at healthcare institutions, airlines, and other large enterprises.

What is CrowdStrike?

CrowdStrike provides cybersecurity software that detects and prevents cyberattacks. Its Falcon platform monitors devices for threats, including hacking attempts and viruses. The software is used by major corporations, including healthcare systems, banks, and airlines.

July 19 Outage Details

The faulty patch affected Windows operating systems, resulting in system outages on approximately 8.5 million devices. Hospitals, clinics, and other healthcare providers experienced cancellations of surgeries, procedures, and appointments.

Healthcare Implications

The outage caused significant disruptions in healthcare operations:

  • Hospitals switched to manual operations, working on paper and using downtime protocols.
  • Surgeries and procedures were postponed, impacting patient care.
  • Electronic health records and telehealth services were unavailable, hindering communication and treatment.

Sequel Story Ideas

  • Congressional Testimony: Republican leaders in Congress have summoned CrowdStrike CEO George Kurtz to testify on the outage’s cause and prevention measures. Reporters can cover the testimony and interview experts on Kurtz’s statements.
  • Malicious Fix File: CrowdStrike has warned of a fake fix file circulating that contains malware. Journalists can investigate companies affected by the outage to see if they received the file and how they responded.
  • Lawsuits: Previous incidents involving cyberattacks have resulted in lawsuits. Reporters can monitor for potential legal actions related to the CrowdStrike outage.
  • IT Lessons Learned: Hospital IT staff can provide insights into their downtime procedures, restoration efforts, and lessons they learned from the incident.
  • Vendor Testing Practices: Journalists can interview CrowdStrike or other vendors on their software testing procedures and how they ensure the reliability of updates.
  • Patient Impact: Reporters can reach out to patients whose treatment was delayed to understand the personal impact of the disruption.

Helpful Links

  • [CrowdStrike’s Statement](https://crowdstrike.com/blog/falcon-platform-update-impacting-microsoft-windows-machines/)
  • [Microsoft’s Status Update](https://status.azure.com/en-us/status)
  • [Becker’s Health IT Coverage](https://www.beckershospitalreview.com/cybersecurity/crowdstrike-users-hit-with-widespread-outages-amid-software-update.html)

On July 19, a CrowdStrike software patch contained an undetected flaw that severely disrupted operations at large enterprises and healthcare institutions using Microsoft Windows devices.

In what is reportedly the largest IT outage in history, more than 36,000 flights were canceled worldwide. Courthouses across the country closed or delayed trials. As hospitals and healthcare systems continue to recover, there are still plenty of ideas for journalists to pursue. This tip sheet offers an update on what happened and some ideas for stories on Day Two.

What is CrowdStrike?

CrowdStrike makes software designed to detect and prevent cyberattacks. Its Falcon platform is designed to monitor a company’s machines for hacking attempts, viruses and other threats, the Wall Street Journal reported. The product is used by several major companies, including airlines, banks, hospitals and health systems.

On July 19, an update from the company caused machines running Microsoft Windows operating systems to crash due to a compatibility error, resulting in the “blue screen of death” — a term used to describe an error screen that appears on PCs when they overheat or experience a critical issue.

What happened on July 19?

A faulty content update released to customers running Windows operating systems caused system outages. Microsoft estimated that 8.5 million Windows devices were affected, Becker’s Health IT reported.

George Kurtz, CEO of CrowdStrike, posted on X (formerly Twitter) that the outages were not caused by a security or cyber incident, and that they “deeply apologize for the inconvenience and disruption” and have implemented a fix.

Microsoft said it deployed hundreds of engineers and experts to restore services and kept customers updated about the incident via an online dashboard, Healthcare IT News reported. The situation “is a reminder of how important it is for all of us in the tech ecosystem to prioritize safe deployment and disaster recovery using the mechanisms in place,” Microsoft said in a blog post.

What were the implications of this for healthcare?

Hospitals and other health care providers affected by the outages canceled surgeries and other procedures, switched to downtime operations when possible, and worked on paper. Kaiser Permanente activated its national command center in response to the “unprecedented” disruption, the New York Times reported.

Banner Health in Phoenix closed clinics, urgent care centers and other outpatient facilities. Mass General Brigham in Boston canceled all nonurgent procedures, surgeries and visits. Upstate University Hospital in Syracuse, N.Y., postponed some outpatient services and procedures, including lab appointments.

Other large institutions affected include Duke Health, Memorial Sloan Kettering Cancer Center and Seattle Children’s Hospital. CommonSpirit Health in Chicago canceled some appointments but restored operations to enough equipment to stay open, the Wall Street Journal reported.

Additionally, many 911 and non-emergency centers were disrupted. Community pharmacy services, including obtaining prescriptions and having medications delivered, were also disrupted. Labcorp said the outage affected its ability to provide lab results.

“This is worse than a cyberattack,” B.J. Moore, chief information officer of Providence Health system in Renton, Washington, told the Times. The outage affected the health system’s IT network and the computers of its partners. The health system operates 52 hospitals in seven states and 1,000 clinics.

Some features of Epic’s electronic health records, such as its telehealth visit platform, were unavailable during the outage. Hospital systems including Mass General Brigham; RWJBarnabas Health in West Orange, N.J.; University of Vermont Health Network; and Harris Health System in Bellaire, Texas, said they had restored operations by July 22, Becker’s Health IT reported. But full recovery could take weeks for others.

Sequel story corners to explore further

  • Republican leaders of the U.S. House Homeland Security Committee called Kurtz to testify on Capitol Hill to explain how the outages occurred and what “mitigation steps” the company is taking to prevent future episodes, the Washington Post reported. Journalists could cover that testimony, if/when it happens, and interview other IT experts about what Kurtz says and recommends.
  • CrowdStrike warned that hackers are sending out a malicious, fake fix file called crowdstrike-hotfix.zip and working directly with company representatives. The file contains malware that allows hackers to remotely monitor victims’ devices. Spanish file names and instructions suggest the hackers are targeting customers in Latin America, the company said. Journalists could interview companies affected by the outage to see if they received the file and what they did with it. Or they could talk to IT experts about how to spot fake files like this.
  • Sometimes lawsuits are filed even months later, as was the case this month, when at least two complaints were filed against Lurie Children’s Hospital of Chicago seeking class-action status. They allege the medical center failed to keep its patients safe after a cyberattack crippled its systems for months, ABC7 Chicago reported. If lawsuits emerge from this incident, that could be quite a story.
  • Talk to the hospital’s IT staff about what downtime procedures they had in place during the outage, how long it took to restore services, and what lessons hospitals can learn from the incident. Zafar Chaudry, MD, chief digital and information officer for Seattle Children’s Hospital, told Becker’s Health IT that the incident underscored the hospital’s reliance on third-party vendors for critical infrastructure. Future outages could be prevented, he said, by reducing reliance on a single vendor for software platforms, better evaluating those companies’ security practices, regularly testing emergency response plans, and implementing data backups.
  • Talk to CrowdStrike (or other vendors) to ask how they test software patches and updates before sending them out to customers. Jeffrey Ferranti, MD, chief digital officer of Duke University Health System, wondered in an interview with Becker’s Health IT why the update wasn’t tested in a small group first to iron out the issues before rolling it out widely.
  • Talk to patients whose treatment or other tests have been canceled to hear how the disruption is affecting them.
