A new study has revealed that at least 759 American hospitals experienced network disruptions during the CrowdStrike software crash one year ago, with more than 200 facing outages directly impacting patient care.
Wired reports that one year after a faulty update to cybersecurity firm CrowdStrike’s software caused a global IT meltdown, a study by researchers from the University of California, San Diego (UCSD) has shed light on the incident’s impact on US hospitals. Published in JAMA Network Open, the study estimates that a minimum of 759 hospitals nationwide experienced network disruptions on July 19, 2024, the day of the CrowdStrike crash.
The researchers found that more than 200 of the affected hospitals faced outages specifically related to patient care services, such as electronic health records, fetal monitoring systems, and remote patient monitoring tools. Additionally, the study detected disruptions in “operationally relevant” systems like staff scheduling platforms and bill payment systems at 212 hospitals, as well as outages in “research-relevant” services at 62 facilities.
To conduct the study, the UCSD team leveraged an ongoing internet-scanning project called Ransomwhere?, which was initially designed to detect ransomware outages at hospitals. By scanning publicly accessible parts of hospital networks before, during, and after the CrowdStrike incident, the researchers were able to identify the scope and nature of the disruptions.
While CrowdStrike has criticized the study’s methodology and conclusions, the researchers maintain that their findings provide valuable insights into the potential impact of such incidents on public health. “If we had had this paper’s data a year ago when this happened, I think we would have been much more concerned about how much impact it really had on US health care,” said Christian Dameff, a UCSD emergency medicine doctor and cybersecurity researcher who co-authored the study.
The study’s authors emphasize that their count of affected hospitals is likely an underestimate, as they were only able to scan about a third of the more than 6,000 hospitals in the US. Furthermore, they note that while most of the disrupted services were restored within six hours, even brief outages can have serious consequences for patient care, particularly in time-critical situations such as heart attacks and strokes.
The findings also highlight the importance of monitoring and learning from mass medical network outages to better protect hospitals from both accidental disruptions and intentional cyberattacks in the future. By comparing the scale and potential intensity of the CrowdStrike incident to previous malware attacks like NotPetya and WannaCry, the researchers underscore the need for robust cybersecurity measures in the healthcare sector.
Read more at Wired here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.
