Global IT outage forces hospitals to cancel appointments

A global IT outage resulting from a faulty update to CrowdStrike's threat detection platform forced hospitals to cancel non-urgent appointments and surgeries.

A global IT outage affecting Windows systems forced several hospitals to cancel non-urgent appointments amid technical disruptions. Companies worldwide began reporting outages Friday morning, including airlines, government agencies and hospitals.

Cybersecurity firm CrowdStrike confirmed in a blog post that the incident stemmed from a faulty content update to CrowdStrike's Falcon threat detection platform, and was not caused by a cyberattack. The outage affected Windows hosts only, and Mac and Linux users were unaffected.

CrowdStrike isolated the issue and deployed a fix, but not before several hospitals felt the effects of the outage. Users reported seeing a blue screen of death during the outage, an error that occurs during a full system failure.

Mass General Brigham hospitals and clinics canceled all non-urgent visits on Friday due to the disruptions. The organization stated that it was unable to access its clinical systems, including patient health records and scheduling tools. Despite the disruptions, Mass General Brigham remained open to provide emergency care.

Memorial Sloan Kettering Cancer Center, Cleveland Clinic and Mount Sinai were among other healthcare organizations affected by the incident. Like Mass General Brigham, Harris Health System in Texas canceled outpatient clinic appointments and elective hospital procedures on Friday, with plans to reschedule those appointments once the system issues were resolved.

Russell Teague, chief information security officer at Fortified Health Security, told TechTarget Editorial that even if an organization is not actively running CrowdStrike Falcon Endpoint Detection and Response technology, it might still be affected by third-party vendors that use this technology.

"These situations remind all of us that we must not forget how to manually do the same functions and emphasize the importance of downtime processes and business continuity planning," Teague noted.

"When technology fails, and it will at some point, we must have tech downtime procedures written, tested and trained on regularly, so we can continue to deliver critical services to our patients even when tech suffers an outage."

Teague stressed the importance of maintaining a solid business continuity plan that extends beyond an organization's internal assets and includes considerations for third-party vendors.

Josh Thorngren, security strategist at ForAllSecure, emphasized CrowdStrike's significant presence across critical industries and the issues that can stem from automated updates.

"The reality is this could happen with many vendors. Engineering teams have to move fast to release updates -- patches to fix their own security issues, upgrades of open source packages, or just new features or improvements for customers. Unfortunately, what happens, particularly when you're just deploying a security patch or upgrading a third-party component, is that there's not sufficient verification or regression testing," Thorngren said.

"We don't know all the particulars here, but when I talk to engineering leaders, nearly all of them have a story where they upgraded a single component from version 2 to version 2.1 and it took down the entire application."

CrowdStrike referred affected customers to its support portal for updates and said it would continue to provide public updates on its blog as the incident unfolds.

Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.
