Network Disruptions in US Hospitals Linked to Cloud Strike Software Incident
A recent study indicates that over 759 hospitals in the United States faced network disruptions following a cybersecurity incident linked to CrowdStrike software exactly one year ago. Out of these disruptions, more than 200 outages significantly impacted patient care, particularly services like electronic health records and remote patient monitoring.
This research, published in Jama Network Open, is based on findings from the University of California San Diego. The incident, which took place on July 19, 2024, caused considerable confusion among hospitals, as highlighted by the survey. The study aimed to evaluate how widespread the issues were across the nation.
According to the researchers, of the hospitals that experienced outages, more than 200 were affected in ways critical to patient services. The disruptions also extended to operational systems, affecting staff scheduling and billing, among other functions. In addition, about 62 hospitals faced issues related to research services.
The team at UCSD carried out their analysis using a scanning project named Ransomwhere, which allowed them to monitor parts of hospital networks before, during, and after the cloud strike incident, shedding light on the nature and severity of the impact.
While CrowdStrike has criticized the study’s methodology and conclusions, the researchers assert that their findings are crucial in understanding potential risks to public health. Christian Damef, an emergency physician and one of the study’s co-authors, remarked that had they had this data available when the incident occurred, he would have been far more alarmed by its effects on healthcare.
Importantly, the authors noted that their analysis only covered about a third of the more than 6,000 hospitals in the U.S., suggesting that the total number of affected facilities might be higher. Although many services were restored within a six-hour window, the brief pauses in services can have severe implications for patients, especially during critical health emergencies.
The study emphasizes the necessity of ongoing monitoring and learning from such outages to improve defenses against both unintentional and malicious cyber threats in hospitals. By comparing the incident’s scale to previous malware attacks like NotPetya and WannaCry, the researchers underscored the urgent need for solid cybersecurity protocols in the healthcare sector.
