Faulty CrowdStrike Software Update Causing Major Disruption at U.S. Healthcare Organizations
After the massive disruption and financial difficulties caused by the Change Healthcare ransomware attack, the last thing healthcare providers need right now is further disruption; however, many hospitals have been forced to cancel appointments and delay services due to a faulty software update that has disabled their Windows devices.
Although only Windows devices were affected, the cause was not Windows itself but a faulty software update from the cybersecurity company CrowdStrike, which affects users of its Falcon threat detection platform. It was supposed to be just another routine software update; however, the bug crashed Windows devices and triggered the dreaded blue screen of death, preventing Windows devices from rebooting and rendering them inoperable. Mac and Linux systems were not affected by the update.
“I want to sincerely apologize directly to all of you,” said CrowdStrike CEO, George Kurtz. “All of CrowdStrike understands the gravity and impact of the situation.” Kurtz stressed that there was no unauthorized access to systems, the problem has been identified, and the company has issued a fix that resolves the problem, but Kurtz warned that it will take some time for all systems to be restored.
While the instructions for fixing the problem are straightforward, they require action to be taken by end users, who may not be sufficiently technically skilled to take the required actions – starting the device in safe mode, locating and removing the faulty file, and rebooting. That means IT teams are likely to have the unenviable job of rectifying the problem across their networks manually on all affected devices, as the process does not lend itself well to automation. According to Microsoft, around 8.5 million Windows devices worldwide were disabled by the update, making this one of the worst cyber events in history.
“In a connected world, everything is interconnected and business continuity extends beyond your own business and IT operational control. These situations remind all of us that we must not forget how to manually do the same functions and emphasize the importance of downtime processes and business continuity planning,” Russell Teague, Chief Information Security Officer, Fortified Health Security explained to The HIPAA Journal. “When technology fails, and it will at some point, we must have tech downtime procedures written, tested, and trained on regularly, so we can continue to deliver critical services to our patients even when tech suffers an outage.”
Many Hospitals and Health Systems Affected by the Outage
The majority of Windows devices were unaffected, as CrowdStrike’s Falcon platform is an enterprise security operation center platform used for monitoring, assessing, and defending against cyber threats; however, the platform is used by around half of all Fortune 500 firms and many public and private sector entities including critical infrastructure organizations. According to CrowdStrike, 6 of the top 10 health systems in the United States use its platform. Even organizations that do not use the platform are likely to be adversely affected if it is used by any of their vendors.
Without access to Windows devices, United Airlines and Delta Air Lines were forced to ground their planes and cancel flights, and healthcare providers were unable to access essential systems such as electronic medical records and scheduling tools or to send prescriptions to pharmacies electronically. As a result, many had to switch to pen and paper and were forced to cancel or delay appointments and procedures due to patient safety concerns.
Mass General Brigham was forced to cancel all non-urgent visits on Friday due to the disruption, with the incident also causing disruption at Cleveland Clinic, CommonSpirit Health, Cone Health, Corewell Health, Emory Healthcare, Harris Health System, Mount Sinai, Memorial Sloan Kettering Cancer Center, Norton Healthcare, RWJBarnabas Health, Tufts Medical Center, South Shore Health, and others.
It is not only hospitals and health systems that have been affected, as the outage has affected laboratories, transcription services, phone systems, Medicaid and insurance billing, 911 communications, secure file transfers, shipments, and more. The outage also affected the electronic health record provider, Epic, rendering some of its features unavailable, such as Epic Video Client, although those services have now been restored.
Warnings Issued That Cybercriminals Already Taking Advantage
In addition to the disruption caused by the faulty update, there are signs that cybercriminals are already taking advantage. SecureWorks has identified a sharp increase in CrowdStrike-themed domains since Friday, with those domains used to target people who are desperate to get their systems back online in order to steal credentials and install malware. Cybercriminals have been impersonating CrowdStrike and reaching out to offer assistance restoring systems, with the scams leading to malware or remote access solutions being installed. Cybersecurity agencies worldwide have been issuing warnings urging everyone to be vigilant against fake emails, malicious websites, and telephone calls.


