Many affected health systems say they are back up and running, days after a global IT outage caused by a faulty CrowdStrike update took millions of Microsoft systems offline on July 19. The outage hit industries around the world, not least healthcare, where it left some providers resorting to pen and paper after losing access to electronic medical records and other mission-critical systems.
In order to reboot computers after the ‘blue screen of death’ problem, exhausted IT staff often had to troubleshoot themselves. Large-scale deployments were also carried out by Crowdstrike, Microsoft and others.
As the dust settles, the event continues to cause flight cancellations and delays for the aviation industry – experts say the global disruption offers an object lesson in the vulnerabilities of technology and could raise difficult questions about the design of interoperable systems and the operational readiness of providers during mass outages.
Risks to patient care
This past weekend, Mass General Brigham patient portal users were pleased to read the following statement: “Mass General Brigham hospitals are open and receiving patients. All scheduled appointments and procedures will occur as scheduled on Monday, July 22.”
News of the critical incident at the Royal Surrey NHS Foundation Trust healthcare system in England disappeared on Saturday morning when the critical incident was reported. resigned.
While Mass General Brigham remained open during the global IT outage and provided care to patients with urgent health concerns in the group’s clinics and emergency departments, all previously scheduled non-urgent surgeries, procedures and medical visits were canceled on Friday.
Being back to operational will hopefully come as a relief to patients like Doreen Richards, who told Channel 5 ABC Boston she traveled to the city only to have her pre-op appointment canceled due to the outage, while others scheduled for surgeries and life-saving therapies were delayed at the hospital or at home.
Unlike banking, an unintended outage poses physical risks to consumer safety.
“It is a technical failureno cyberattack, so there is no risk to the security of your money. Even problems with accessing money would be temporary until a solution is implemented,” Greg McBride, chief financial analyst at Bankrate.com, told AARP.
Service Credits and Potential Litigation
It appears that CrowdStrike’s rewards will likely come in the form of refunded payments for services, according to Business insiderthat one View the contract terms of the external supplier.
Consumers who have not been treated fairly in refunds for payments for loss of services are advised to take this up directly with the airline. For example, where a cancelled flight cannot be rebooked to a later date and the airline only provides a credit note.
While no major lawsuits have been filed against patients following Friday’s technical glitch, and it could take some time, as the court case filed last week for a January 31 cyberattack on Lurie Children’s Hospital – patients have accused above other types of disturbances.
To accelerate the return to operations, Microsoft worked with CrowdStrike and others to address the approximately 8.5 million affected devices.
“Since the start of this event, we have been in constant contact with our customers, CrowdStrike, and third-party developers to gather information and accelerate resolutions,” the company said in a statement. online statement on Saturday.
“We recognize the disruption this issue has caused to businesses and the daily routines of many individuals. Our focus is on providing technical guidance and support to customers to safely bring disrupted systems back online.”
Microsoft said it has taken steps to:
- Partner with CrowdStrike to automate their work in developing a solution.
- Deploy hundreds of Microsoft engineers and experts who work directly with customers to restore services.
- Work with other cloud providers and stakeholders, including Google Cloud Platform and Amazon Web Services, to raise awareness of the impact we all see in the industry and support ongoing conversations with CrowdStrike and customers.
- After manual remediation documentation and scripts.
- Keep customers informed about the latest status of the incident via the Azure Status Dashboard.
Microsoft said CrowdStrike helped them develop a scalable patch that would more quickly resolve CrowdStrike’s faulty updates and restore customers’ assets to the cloud, which is important for restoring service to healthcare institutions and other organizations on Azure.
Too big to fail?
The CrowdStrike outage could be the worst IT disaster in history, although major cloud providers have suffered outages in the past. In 2017, Amazon S3 cloud went down, impacting the functionality of healthcare websites and applications.
“This incident demonstrates the interconnectedness of our broad ecosystem: global cloud providers, software platforms, security vendors, and other software vendors and customers,” Microsoft acknowledged in its statement Saturday.
“It’s also a reminder of how important it is for all of us in the technology ecosystem to prioritize safe deployment and disaster recovery using existing mechanisms.”
The event, which did not impact systems not using CrowdStrike, such as almost all systems in Chinawas not unthinkable.
Modern social systems “are designed for hyperconnected optimization, not decentralized resilience” and this event should be considered a warningaccording to The Atlantic Ocean.
For healthcare, where so many third-party service providers play a role, this is a new opportunity to test contingency plans to minimize disruption to patient lives.
Andrea Fox is Editor-in-Chief of Healthcare IT News.
Email address: afox@himss.org
Healthcare IT News is a publication of HIMSS Media.