'Worse than a cyberattack': 10 notes on the Microsoft-CrowdStrike IT outage

Hospitals and health systems continue to recover from a July 18 IT issue disrupting service for some Microsoft customers. 

Here is what to know: 

What happened?

1. CrowdStrike, a cybersecurity company, released a flawed software update July 18 that affected IT systems globally. The update affected Microsoft customers, including 8.5 million Windows devices.

2. Microsoft's engineers are working with customers to restore services, and CrowdStrike recommended workarounds to address issues. Microsoft is also collaborating with Google Cloud and Amazon Web Services to spread awareness of any issues and support affected customers.

3. CrowdStrike warned that hackers are sending a malicious file, "crowdstrike-hotfix.zip," touting it as a quick fix to the issue. The file includes malware allowing hackers to remotely monitor devices, and IT teams should make sure they are communicating through official channels with CrowdStrike representatives on any fixes.

How are health systems responding? 

4. Health systems began to have issues July 19 after the CrowdStrike issue hit Microsoft customers. Oakland, Calif.-based Kaiser Permanente, a 40-hospital system, activated its national command center in response to the "unprecedented" disruption, according to The New York Times

5. Several health systems postponed surgeries and closed outpatient facilities amid the outage while keeping emergency services functional. Phoenix-based Banner Health closed clinics, urgent care centers and outpatient facilities July 19, with plans to reopen them through July 22 as the system restored Microsoft functionality. 

Somerville, Mass.-based Mass General Brigham also reopened all its services by July 22 after delaying some appointments and surgeries July 19. Other health systems that restored their operations by July 22 include West Orange, N.J.-based RWJBarnabas Health, Burlington-based University of Vermont Health Network and Bellaire, Texas-based Harris Health System.

6. Epic and Meditech EHRs were affected by the outage. Renton, Wash.-based Providence CIO B.J. Moore told the Times, "we knew we had a catastrophe on our hands" when the 52-hospital system's EHR went down. The issue affected around 15,000 of the health system's servers and around 40,000 of their 150,000 computers were disrupted, showing just a blue screen.

"This is worse than a cyberattack," Mr. Moore said, because the disruption affected the health system's IT network as well as the computers of Providence's partners.

Providence had around 1,000 team mates recovering from the disruption and made progress over the weekend, according to a note on its website. Full restoration could take weeks, Mr. Moore told the Times.

7. Jack Kufahl, chief information security officer of Ann Arbor-based Michigan Medicine, told Becker's the recovery process could act as a springboard for preparing for any future IT outages. 

"The most important processes to continually improve are communication-related, so that IT, third-party vendors, affiliates, hospital operations and care providers can act with coordination and reduce miscommunication wherever possible," he said. "Things move fast in events like this so there is a constant revision and tracing of new information, impacts and outcomes."

8. Chicago-based CommonSpirit Health canceled some appointments and an elective surgery July 19 but was able to restore operations to enough devices to keep its hospitals and clinics open, The Wall Street Journal reported.

"In some cases, we benefit by having vendor partners who are proactive in updating and upgrading," CommonSpirit CIO Daniel Barchi told the newspaper. "Sometimes, in this case, it goes differently. And so the question is, what's the trade-off?"

9. The American Hospital Association published a cybersecurity advisory July 21 for hospitals and health systems dealing with the outage. 

"For those hospitals that remain impacted, the Microsoft recovery solution may be able to accelerate recovery," John Riggi, the AHA's national adviser for cybersecurity and risk, said in the notice. "We appreciate the responsiveness of both Microsoft and CrowdStrike and we will continue to engage their leadership to directly relay the operational, financial and clinical impact America's hospitals and health systems are experiencing due to the CrowdStrike update."

10. Mitesh Rao, MD, former chief patient safety officer of Palo Alto, Calif.-based Stanford Health Care and the founder and CEO of data company OMNY Health, told Becker's so many hospitals and health systems were affected because "most desktops across U.S. health systems run on Microsoft" so the interruption would "unfortunately affect every aspect of patient care."

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Articles We Think You'll Like

 

Featured Whitepapers

Featured Webinars