Early this morning a worldwide outage, widely reported as a Microsoft outage, was traced to a faulty content update that CrowdStrike pushed to its Falcon sensor on Windows hosts. Affected machines crashed and could not boot, halting businesses across the globe that rely on CrowdStrike Falcon as their endpoint protection. Of particular concern is how this has affected patient care, as several hospitals have reported that they were among the victims of the botched security update.
Hospitals Reporting Outages
As millions of Microsoft users deal with outages, hospitals, health systems, and medical practices have made statements on how this affects patient care. Without access to electronic records, many have been forced to turn away patients.
Massachusetts reported outages that affected several industries, including healthcare. According to an article published by NBC Boston, more than 40 hospitals and healthcare systems, including Mass General, were using an EHR system affected by the outage. The Cincinnati Children’s Hospital Medical Center also experienced outages, and posted this statement to its website, “We ask for your patience as our teams are continuing to work as quickly as possible to restore all computer systems and functions across all locations; however, delays may still occur and should be planned for whenever possible.”
According to Reuters, two German hospitals have been forced to cancel elective procedures but were still able to maintain emergency services. In the U.K., the Royal Surrey NHS Foundation Trust posted a similar statement on its website, “Royal Surrey has declared a critical incident due to external IT issues which are widely affecting services including ours. This issue has affected Varian, the IT system we use to deliver radiotherapy treatments.” The Health Ministry in Israel also disclosed that the incident impacted more than a dozen hospitals.
Ambulances worldwide were diverted to unaffected emergency facilities.
How Have CrowdStrike and Microsoft Responded?
George Kurtz, President & CEO of CrowdStrike, released a public statement on X regarding the incident: “CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.”
CrowdStrike’s Chief Threat Hunter Brody Nisbet also recommended this workaround:
- Boot Windows into Safe Mode or WRE.
- Go to C:\Windows\System32\drivers\CrowdStrike
- Locate and delete file matching “C-00000291*.sys”
- Boot normally
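The four steps above, scripted as an added example for running from an elevated prompt in Safe Mode or from the Windows Recovery Environment (WinRE). This is not a CrowdStrike or Microsoft tool; it only automates the manual workaround listed above. It takes the directory and the file pattern from those steps, searches every mounted volume rather than assuming C: (WinRE often maps the offline Windows install to another letter), and supports a dry run. One assumption goes beyond this page: the cut-off timestamp of 05:27 UTC on 19 July 2024, taken from CrowdStrike's published remediation guidance, below which a matching channel file is treated as the faulty version; anything written at or after that time is left in place as the corrected file.

```powershell
# Added example (not CrowdStrike's or Microsoft's code): automates the manual
# workaround above. Run from an elevated PowerShell prompt in Safe Mode, or from
# the WinRE command prompt (where the offline Windows volume may not be C:).
# Assumed from the workaround steps: the channel file pattern "C-00000291*.sys"
# and the directory \Windows\System32\drivers\CrowdStrike.
param(
    [switch]$DryRun   # report what would be deleted without touching anything
)

$pattern = 'C-00000291*.sys'

# Assumption taken from CrowdStrike's remediation guidance, not from this page:
# a channel file written at or after this time is the corrected version.
$fixedSince = [datetime]::new(2024, 7, 19, 5, 27, 0, [System.DateTimeKind]::Utc)

# Find every mounted filesystem volume that carries a Windows install with the
# CrowdStrike driver directory. In WinRE the drive letters are shuffled, so do
# not assume C:. The WinRE RAM disk (X:) has no such directory and is skipped.
$candidates = Get-PSDrive -PSProvider FileSystem |
    Where-Object { $_.Root -match '^[A-Z]:\\$' } |
    ForEach-Object { Join-Path $_.Root 'Windows\System32\drivers\CrowdStrike' } |
    Where-Object { Test-Path -LiteralPath $_ -PathType Container }

if (-not $candidates) {
    Write-Warning ('No Windows volume with a CrowdStrike driver directory was found. ' +
        'If the OS drive is BitLocker-protected, unlock it first: ' +
        'manage-bde -unlock <drive>: -RecoveryPassword <48-digit recovery key>')
    exit 1
}

foreach ($dir in $candidates) {
    $files = Get-ChildItem -LiteralPath $dir -Filter $pattern -File -ErrorAction SilentlyContinue
    if (-not $files) {
        Write-Host "No file matching $pattern in $dir (already remediated, or the sensor never received it)."
        continue
    }
    foreach ($f in $files) {
        # Log what is being touched; the write time tells the faulty file apart
        # from a corrected one that the sensor may already have downloaded.
        Write-Host ('{0}  size={1}  written={2:u}' -f $f.FullName, $f.Length, $f.LastWriteTimeUtc)
        if ($f.LastWriteTimeUtc -ge $fixedSince) {
            Write-Host '  written after the corrected file was published; keeping it'
            continue
        }
        if ($DryRun) {
            Write-Host '  [dry run] would delete'
        } else {
            Remove-Item -LiteralPath $f.FullName -Force
            Write-Host '  deleted'
        }
    }
}

Write-Host 'Done. Reboot normally; the sensor downloads a corrected channel file once it is back online.'
```

Run it first with `-DryRun` to confirm the volume and file it has found; on a BitLocker-protected host the OS volume must be unlocked with its recovery key before the directory is even visible from WinRE, which is the step that made this workaround slow to apply fleet-wide.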
CrowdStrike has released a corrected content update and Microsoft has published recovery guidance, but the fix only reaches hosts that can boot and connect to CrowdStrike's cloud. Hosts stuck in a crash-and-reboot loop have to be repaired by hand, one at a time, using the steps above, and on BitLocker-protected machines an administrator must first enter the volume's recovery key to get into Safe Mode or the recovery environment. Restoring every downed system will therefore take time, and many businesses will likely be without access for several days.
Cybersecurity Experts Comment
We asked Ben Beninati, Technical Customer Support Specialist and Cybersecurity SME at Compliancy Group, for his thoughts on the outage and how businesses can prevent similar incidents from affecting them in the future.
When it comes to operating large-scale infrastructure, it’s important to consider diversifying technology and implementing “fail safes” to avoid single-points-of-failure. When there is not a lot of diversity, a single issue could have a significant impact, like with the CrowdStrike Falcon issues. Being prepared for situations like this is notoriously difficult to do – no one can predict that a situation like this will occur (a faulty patch in software you trust) – and oftentimes most things are set to auto-update as a matter of best practice.
Unfortunately, this situation ends up being one in which enforcing specific patch management requirements for specific technology and good system engineering may be required to avoid any unexpected issues in environments that have low technology diversity and opt to use a gradual patch deployment approach, as opposed to all-at-once patch deployments.
“Essentially, large organizations should consider diversifying software and technology compared to colleagues in the same sector; just because they’re using it doesn’t mean you must. Explore the available options, even if there may only be a few. Consider different patch management strategies, such as a gradual approach to delay major updates that may have an impact on the entire infrastructure,” commented Beninati.
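The gradual, ring-based approach Beninati describes, as an added example that is neither his code nor any vendor's: updates go to a small canary ring first, and each later ring is released only after the previous one has reported back from enough hosts and stayed under a crash-rate threshold. The ring sizes, thresholds and the telemetry are constructed here so the script runs offline; in a real deployment the per-ring counts would come from an EDR console, a SIEM, or a boot-success beacon, and the technique applies to any update whose rollout the organization itself controls.

```powershell
# Added example (not Beninati's or any vendor's code): a ring-based rollout gate.
# Each ring is a group of hosts; the next ring is released only after the
# previous ring has (a) reported back from enough hosts and (b) stayed under a
# crash-rate threshold. Ring definitions and telemetry below are constructed.
$rings = @(
    @{ Name = 'canary';  Hosts = 10;   MinReports = 8;    MaxFailureRate = 0.02  },
    @{ Name = 'early';   Hosts = 200;  MinReports = 150;  MaxFailureRate = 0.01  },
    @{ Name = 'general'; Hosts = 5000; MinReports = 4000; MaxFailureRate = 0.005 }
)

# Constructed sample telemetry per ring: hosts that checked in healthy after
# the update, and hosts that crashed or failed to boot. In production this
# would be queried from your EDR console, SIEM, or a boot-success beacon.
$telemetry = @{
    canary  = @{ Healthy = 0;    Failed = 10 }   # every canary host failed to boot
    early   = @{ Healthy = 150;  Failed = 0  }
    general = @{ Healthy = 4000; Failed = 0  }
}

function Test-RingHealth {
    # Decide whether a ring's telemetry permits releasing the next ring.
    param([hashtable]$Ring, [hashtable]$Report)

    $reports = $Report.Healthy + $Report.Failed
    if ($reports -lt $Ring.MinReports) {
        # Not enough data yet: silence from hosts is not a pass.
        return [pscustomobject]@{
            Pass   = $false
            Reason = "only $reports of $($Ring.MinReports) required hosts have reported; keep waiting"
        }
    }

    $rate = $Report.Failed / $reports
    if ($rate -gt $Ring.MaxFailureRate) {
        return [pscustomobject]@{
            Pass   = $false
            Reason = ('failure rate {0:P1} exceeds limit {1:P1}' -f $rate, $Ring.MaxFailureRate)
        }
    }

    return [pscustomobject]@{ Pass = $true; Reason = ('failure rate {0:P1} within limit' -f $rate) }
}

function Invoke-RingRollout {
    # Walk the rings in order and stop at the first one that fails its gate.
    # Returns the name of the ring the rollout halted at, or $null if complete.
    param([array]$Rings, [hashtable]$Telemetry)

    foreach ($ring in $Rings) {
        Write-Host "Releasing update to ring '$($ring.Name)' ($($ring.Hosts) hosts)"
        $verdict = Test-RingHealth -Ring $ring -Report $Telemetry[$ring.Name]
        if (-not $verdict.Pass) {
            Write-Warning "Halting rollout after ring '$($ring.Name)': $($verdict.Reason)"
            return $ring.Name
        }
        Write-Host "  ring '$($ring.Name)' healthy: $($verdict.Reason)"
    }

    Write-Host 'Rollout complete'
    return $null
}

# With the constructed telemetry the canary ring reports a 100 % failure rate,
# so the rollout halts there and the 5,200 hosts in the later rings are untouched.
Invoke-RingRollout -Rings $rings -Telemetry $telemetry
```

The two gates matter independently: the minimum-report count stops a rollout from advancing just because no host has complained yet (a host that cannot boot sends no telemetry), and the failure-rate threshold stops it when they do.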