A misconfigured Crowdstrike Falcon update pushed to Windows early Friday morning has caused millions of computers to show the infamous the “blue screen of death,” and has disrupted care delivery at hospitals, health systems and medical practices in the U.S., U.K., Israel, Germany and other countries.Â
Clinicians are working manually to provide patient care in the absence of access to electronic health records and other mission-critical IT systems.Â
The massive outage was “not a security incident or cyberattack,” according to CrowdStrike CEO George Kurtz, who offered a statement Friday morning on the social media platform X.
WHY IT MATTERSThe incident has impacted countless people and multiple industries around the world – not just healthcare organizations, but airlines, banks and other financial institutions. Millions of Microsoft users are dealing with the IT outages as consumers encounter delays and disruptions.Â
For instance, the Epic EHR was not accessible at Boston’s Massachusetts General Hospital on Friday morning, according to NBC Channel 10 News, with Mass General Brigham also reporting widespread disruptions and canceled appointments across its hospitals and medical centers.
Other Boston area IT systems, including Beth Israel Deconess Medical Center’s website, were reportedly down for a time, but are already back online.Â
The Times of Israel is reporting that the outage has impacted operations at more than a dozen hospitals now operating manually, with ambulances rerouted away from impacted medical centers.
Two hospitals at the University Clinic of Schleswig-Holstein in Germany have canceled elective surgeries due to the global IT outage, according to Reuters.Â
The U.K.’s National Health Service told CNN that the outages are disrupting most general practitioner offices in England, which are using paper patient records, but not emergency services.Â
One hospital system – Royal Surrey NHS Foundation Trust – declared a critical incident due to the outage. The outage is affecting radiotherapy treatment and pharmacies are not receiving prescription information from providers, Metro.co.uk reported.
Cincinnati Children’s Hospital Medical Center said a number of its systems are affected.
“Our teams are working hard to minimize disruption to patient care and system operations, and we are bringing systems back up as quickly as possible,” the hospital said on its website.
Nonsurgical appointments before 10 a.m. were canceled, while emergency and urgent care centers remained open. Patients with scheduled surgeries and imaging appointments have been advised to expect delays.
According to SC Media UK, a workaround has been published for the faulty update for Crowdstrike’s Falcon sensor.Â
To fix the machines stuck in a BSOD loop, Brody Nisbet, Crowdstrike’s chief threat hunter recommended that users:
Boot Windows into Safe Mode or WRE.
Go to C:\Windows\System32\drivers\CrowdStrike
Locate and delete file matching “C-00000291*.sys”
Boot normally.
THE LARGER TRENDIn an era where widespread and disruptive cyberattacks have become more common, the fact that this global outage is not caused by an attack may be somewhat reassuring. It’s also cold comfort to the countless clinicians and patients who have been affected by it.
ON THE RECORD”CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts,” Kurtz said in a statement on X. “Mac and Linux hosts are not impacted. The issue has been identified, isolated and a fix has been deployed.
“We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website,” he added. “We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.”
Andrea Fox is senior editor of Healthcare IT News.Email:Â afox@himss.orgHealthcare IT News is a HIMSS Media publication.
The HIMSS Healthcare Cybersecurity Forum is scheduled to take place October 31-November 1 in Washington, D.C.