07/26/2024 | News release | Distributed by Public on 07/26/2024 09:26
Photo by Laura James via pexels
On July 19, a software patch released by CrowdStrike contained an undetected error that severely disrupted operations for major companies and health care institutions using Microsoft Windows devices.
In what is believed to be the largest information technology outage in history, over 36,000 flights worldwide were canceled. Courthouses nationwide closed or delayed trial proceedings. As hospitals and health systems continue to recover, there are still numerous ideas for journalists to pursue. This tip sheet provides an update on what happened, and some ideas for second-day stories.
CrowdStrike produces software designed to detect and prevent cyberattacks. Its platform Falcon was developed to monitor a company's machines for hacking attempts, viruses and other threats, the Wall Street Journal reported. The product is used by multiple large companies including airlines, banks, hospitals and health systems.
On July 19, an update issued by the company caused machines running Microsoft Windows operating systems to crash due to a compatibility fault, resulting in the "blue screen of death" - a term used to describe an error screen that appears on PCs when they overheat or encounter a critical issue.
A faulty content update released for customers who have Windows operating systems prompted system outages. Microsoft estimated that 8.5 million Windows devices were impacted, Becker's Health IT reported.
CrowdStrike CEO George Kurtz posted on X (formerly Twitter) that the outages were not caused by a security or cyber incident, and that they were "deeply sorry for the inconvenience and disruption" and had deployed a fix.
Microsoft said it deployed hundreds of engineers and experts to restore services and has kept its customers informed on the incident through an online dashboard, Healthcare IT News reported. The situation "is a reminder of how important it is for all of us across the tech ecosystem to prioritize operating with safe deployment and disaster recovery using the mechanisms that exist," Microsoft said in a blog post.
Hospitals and other health care providers impacted by the outage canceled surgeries and other procedures and switched to downtime operations when possible, working on paper. Kaiser Permanente activated its national command center in response to the "unprecedented" disruption, the New York Times reported.
Banner Health in Phoenix closed clinics, urgent care centers and other outpatient facilities. Mass General Brigham in Boston canceled all non-urgent procedures, surgeries and visits. Upstate University Hospital in Syracuse, N.Y., delayed some outpatient services and procedures, including lab appointments.
Other major institutions impacted include Duke Health, Memorial Sloan Kettering Cancer Center and Seattle Children's Hospital. CommonSpirit Health in Chicago canceled some appointments but restored operations to enough devices to stay open, according to the Wall Street Journal.
Additionally, many 911 and nonemergency call centers were disrupted. Services at community pharmacies, including accessing prescriptions and getting medication deliveries, were also disrupted. Labcorp said the outage impacted their ability to deliver lab results.
"This is worse than a cyberattack," B.J. Moore, chief information officer of Providence Health system in Renton, Wash., told the Times. The disruption affected the health system's IT network and the computers of its partners. The health system operates 52 hospitals in seven states and 1,000 clinics.
Some features of Epic's electronic health records, like its telehealth visit platform, weren't available during the outage. Hospital systems such as MassGeneralBrigham; RWJBarnabas Health in West Orange, N.J.; University of Vermont Health Network; and Harris Health System in Bellaire, Texas, said they had restored operations by July 22, Becker's Health IT reported. But full restoration could take weeks for others.