Study Reveals Over 750 US Hospitals Experienced Disruptions During Last Year’s CrowdStrike Outage

One year ago today, a problematic software update from cybersecurity firm CrowdStrike resulted in widespread disruptions, affecting millions of computers globally and leading to a cycle of repeated reboots. The financial impact of this incident was comparable to some of the most severe cyberattacks recorded in history. Various estimates suggest that the total costs incurred as a result of this incident have extended well into the billions of dollars.

Recent research from a team of medical cybersecurity experts has begun to assess the repercussions of the CrowdStrike incident not merely in financial terms, but by evaluating the potential risks it posed to hospitals and patients across the United States. This study highlights significant disruptions in services at numerous hospitals during the outage, raising alarms about potential risks to patient safety and well-being.

On the anniversary of the incident, researchers from the University of California San Diego published findings in a respected medical journal, marking the first effort to estimate the number of hospitals affected by the IT failures that occurred on July 19, 2024. The study also aims to identify the services impacted within those networks.

Utilizing scans of internet-exposed hospital networks before, during, and after the CrowdStrike outage, researchers found that at least 759 hospitals experienced some level of network disruption that day. Alarmingly, over 200 of these institutions reported outages that directly impacted patient care, such as inaccessible electronic health records and offline fetal monitoring systems. Among the 2,232 hospital networks examined, approximately 34 percent suffered from some form of disruption.

This level of disruption raises concerns about the potential public health implications of the CrowdStrike outage, according to Christian Dameff, an emergency medicine physician and cybersecurity researcher from UCSD and a co-author of the study. He noted that had the data been available at the time of the incident, there would likely have been greater awareness of its impact on healthcare systems in the U.S.

CrowdStrike has issued a strong rebuttal to the findings, labeling the research as “junk science.” They criticized the methodology employed by the UCSD researchers, highlighting the lack of verification regarding the operating systems and software utilized by the disrupted networks. The statement also pointed to a concurrent major outage of Microsoft’s Azure cloud service on the same day, suggesting that it may have contributed to the disruptions experienced by hospitals.

While CrowdStrike disputes the study’s conclusions, they acknowledged the seriousness of the incident and reiterated their commitment to enhancing the resilience of their platform and the broader cybersecurity industry. This incident serves as a critical reminder of the vulnerabilities that can emerge from software updates and the far-reaching consequences they may hold for essential services.

As business owners and cybersecurity professionals reflect on this event, the MITRE ATT&CK framework offers a way to evaluate how an adversary could produce a similar outcome. The outage itself stemmed from a problematic software update, but relevant adversary tactics may include initial access via compromised software updates and disruption of service through privilege escalation and persistent vulnerabilities. Understanding these elements can help organizations better prepare and fortify their cybersecurity strategies against similar future threats.
