A recent IT issue at cybersecurity software company CrowdStrike resulted in a tech outage that has left companies all over the globe reeling — from banks to airlines to of course, healthcare providers. Experts agree that the disruption’s scale is historic, with some believing it to be the largest worldwide tech outage to ever occur.
Below are four things to know about the outage and its effect on the healthcare industry.
What is CrowdStrike?
Austin, Texas-based CrowdStrike was founded in 2011. The company sells software designed to help its customers ward off cyberattacks.
The firm has nearly 30,000 customers across the world, many of which are Fortune 500 companies. Some of its subscribers include Intel, Target, Home Depot and Mercury Financial.
What caused the outage?
On July 19, CrowdStrike released an update to its Falcon product, which is a platform designed to provide cloud-based protection against cyberattacks by using AI to detect network and endpoint intrusions. Once the update was released, CrowdStrike customers immediately started to experience tech issues.
The update had a compatibility flaw that caused devices running on Microsoft’s Windows operating system to crash and go offline.
CrowdStrike released a statement July 19 explaining that it was in the process of reverting the compatibility defect in the update. The next day, the company warned its customers that cybercriminals were beginning to send malware files with the false promise that these files would quickly remediate the issue.
How was the healthcare industry affected?
In a July 20 statement, Microsoft estimated that CrowdStrike’s update affected 8.5 million Windows devices. Many of these devices were a part of the networks that health systems rely on to provide daily care, and the outage caused providers all over the country to lose access to their EHR.
Some well-known health systems impacted by the outage include Kaiser Permanente, Providence, Henry Ford Health, Nationwide Children’s Hospital and the Dana-Farber Cancer Institute. The outage caused some health systems — such as Mass General Brigham, RWJBarnabas Health, Penn Medicine and Seattle Children’s Hospital — to cancel nonurgent procedures and visits.
In an interview with the New York Times, Providence CIO B.J. Moore gave some perspective on the massive scale of the issue. He called the IT outage “worse than a cyberattack” and said that his health system knew it had a “catastrophe on [its] hands” when its EHR went down.
The outage impacted about 15,000 of the organization’s servers, as well as about 40,000 of its 150,000 computers, according to Moore. He also told the Times that full restoration of Providence’s systems would probably take weeks.
What are the financial repercussions?
Cloud monitoring company Parametrix released a report last week estimating that U.S.-based Fortune 500 companies (excluding Microsoft) had lost a total of $5.4 billion as a result of the outage.
The report also stated that healthcare is the sector that has suffered the greatest direct financial loss. Fortune 500 companies in the healthcare sector lost close to $2 billion due to the IT fiasco, according to the report.