Some health systems continue to be impacted by the global IT outage that occurred on Friday while a national cybersecurity agency warns that hackers are trying to leverage the outage to conduct malicious activity.
Microsoft suffered a global IT outage Friday morning that has been blamed on a faulty software update from cybersecurity company CrowdStrike, which is widely used by businesses and government agencies that run on Microsoft computers.
Mass General Brigham posted an update on its website that hospitals and clinics are open and seeing patients and that all scheduled appointments and procedures will proceed as planned today.
Corewell Health in Michigan, which operates 21 hospitals, said some of its computers and systems continue to be impacted and some patients are expriencing delays in care, the health system said in a statement on its website.
On Saturday morning, Providence issued an update that it was making steady progress bringing systems back online. "Our efforts will continue throughout this weekend as we work to restore service levels back to normal as much as possible by Monday morning," the health system said.
RWJBarnabas Health said in a statement posted on X that normal operations have resumed across the system and praised its IT teams. "If not managed aggressively and effectively" the global Microsoft outage "could have caused significant disruption to the health system," the health system posted. "The ingenuity and teamwork demonstrated by RWJBarnabas Health’s workforce was exemplary. Led by the system’s Information Technology Department and Office of Emergency Management, their tireless efforts to resolve issues quickly and efficiently were critical in maintaining patient safety during a time of uncertainty," the health system wrote.
On Saturday, Microsoft published a recovery tool to help with CrowdStrike issues impacting Windows endpoints. The recovery tool offers two repair options to help IT admins expedite the repair process, the tech company wrote in a blog post.
Microsoft estimates the CrowdStrike’s update affected 8.5 million Windows devices, or less than one percent of all Windows machines. "While the percentage was small, the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services," David Weston, vice president of enterprise and OS security at Microsoft, wrote in a blog post.
"This incident demonstrates the interconnected nature of our broad ecosystem — global cloud providers, software platforms, security vendors and other software vendors, and customers. It’s also a reminder of how important it is for all of us across the tech ecosystem to prioritize operating with safe deployment and disaster recovery using the mechanisms that exist," Weston wrote.
CrowdStrike also continues to provide updated guidance on Friday's widespread IT outage, including remediation steps for specific environments. And, CrowdStrike released technical details that provide atechnical summary of the outage and the impact.
The Cybersecurity and Infrastructure Security Agency warned that cyber threat actors continue to leverage the outage to conduct malicious activity, including phishing attempts.
According to a new CrowdStrike blog, threat actors have been distributing a malicious ZIP archive file. This activity appears to be targeting Latin America-based CrowdStrike customers.
Initial story published Friday, July 19 at 12 noon ET
A widespread global IT outage impacted health systems, hospitals and clinics as electronic health record software has been knocked offline, forcing providers to cancel or delay non-emergency procedures and services.
Several states across the U.S. also reported that their emergency 911 call centers have been hit. The outage also impacted banks, media companies and airlines, with thousands of flights canceled.
Microsoft suffered a global IT outage Friday morning that has been blamed on a faulty software update from cybersecurity company CrowdStrike, which is widely used by businesses and government agencies that run on Microsoft computers.
CrowdStrike CEO George Kurtz said Friday morning the company is actively working with customers impacted by a defect found in a single content update for Windows hosts.
"This is not a security incident or cyberattack," CrowdStrike said in a statement posted to its website and Kurtz also said in a post on X, formerly Twitter. "The issue has been identified, isolated and a fix has been deployed."
“The system was sent an update, and that update had a software bug in it and caused an issue with the Microsoft operating system,” Kurtz said, as NBC reported. “Our systems are always looking for the latest attacks from these adversaries that are out there.”
For the healthcare industry, the massive IT outage comes five months after a massive ransomware attack at UnitedHealth Group's Change Healthcare cause widespread disruption and a significant financial fallout for hospitals, pharmacies and medical groups. Although the Microsoft/CrowdStrike outage is not a security incident or a cyberattack, the disruption highlights how a glitch a third-party vendor can have a ripple effect on the industry.
Epic staff are working with customer IT teams to restore access as fixes or mitigation approaches are available from CrowdStrike." — Epic spokesperson
Analysts at Fitch Ratings report that the widespread fallout will likely be muted for non-profit hospitals despite short-term impacts and scaling back normal operations.
“The CrowdStrike event is forcing some U.S. NFP hospital providers to scale back normal operations, generally causing delays and cancellations of non-emergent surgeries.”
“While fairly widespread across multiple industries, resultant delays are not likely to last for any significant period of time with U.S. NFP hospital providers able to resume normal operations relatively quickly," Kevin Holloran, senior director at Fitch Ratings wrote in a statement.
Hospital computer systems impacted
Some healthcare centers report that they are not affected by the outage while others had to suspend medical visits, surgeries and procedures.
Mass General Brigham said the worldwide software outage affected many of its systems impacting providers' access to clinical systems, including patient health records and scheduling.
The health system canceled all non-urgent medical visits at all of its hospitals and clinics Friday, according to a statement posted to its website.
The health system said hospitals are open for urgent appointments and procedures, and emergency rooms remain open.
NATIONAL: Outage affecting 911 lines in multiple states. If you have an emergency, call the 10-digit number for your local police or fire department.
— U.S. Emergency Alert (@ENSAlerts) July 19, 2024
The outage prompted Kaiser Permanente to activate its national command center at 4:30 a.m. PT to address the incident, evaluate the impacts to care operations, computer systems and servers, and coordinate recovery as needed, according to Steve Shivinsky, director of national media relations at the health system.
"In some situations, we have activated backup systems to support both continuous patient care and to secure access to medical records. All Kaiser Permanente hospitals and medical offices remain open for care and service, and we are continuing to monitor our operations as we work to restore all affected systems," Shivinsky said.
An Epic spokesperson said in a statement that Nebula, Epic’s platform for cloud-based applications and services, was impacted last night by the Microsoft Azure Central region outage. "Some features such as Epic Video Client for telehealth visits were not available during the outage. We have restored access to these features and are monitoring Nebula," the spokesperson said.
The CrowdStrike update has not affected Epic's software or services directly but has caused technical issues that prevent healthcare organizations from using their systems, the spokesperson said.
"Some groups have reported that the laptop and desktop workstations their staff use to access Epic are down. Others report that issues with data center software are preventing them from using multiple systems including Epic. Organizations that have been affected are following pre-established downtime protocols to continue delivering patient care. Epic staff are working with customer IT teams to restore access as fixes or mitigation approaches are available from CrowdStrike," the spokesperson told Fierce Healthcare.
Epic’s internal systems, including those we use to provide remote support to customers worldwide, are unaffected.
The outage is affecting large health systems and smaller hospitals alike. Kaleida Health, which operates five hospitals in the Buffalo, New York area, said it has implemented computer downtime procedures and encourages patients to report to appointments as scheduled, according to a statement posted online. Procedures may be delayed, the hospital said.
Local media throughout the country reported problems for hospitals as clinical IT systems were down, forcing providers to revert to paper records.
In a statement, Providence said its facilities, like other organizations across the world, were impacted by the CrowdStrike outage. "Our IT teams have been working overnight to respond to the issue and have restored key functionality in the Epic electronic health record so that nurses, physicians and other caregivers can access patient records and perform clinical documentation," the health system said in a statement. "However, other clinical applications and workstations continue to be impacted, and our IT teams are working to restore these services as soon as possible. Patient safety and access to care is always the top priority at Providence. We will provide updates as new information becomes available."
Cleveland Clinic said some of its technology has been impacted by the global IT outage. "Patient care is not affected, and we are continuing to provide care at all locations," the health system said in a statement.
A spokesperson for HCA Healthcare, which runs about 188 hospitals, said the health system has not been directly impacted by CrowdStrike’s technology issue. "We are working with our vendors to understand any issues they may be facing. We do not expect the incident to impact our ability to provide care to our patients," the spokesperson said.
UPMC said the CrowdStrike cybersecurity outage affected fewer than 10% of its Microsoft Windows-based devices at some of our facilities. "UPMC’s IT team intervened early to mitigate the problem and is restoring servers and PCs. Patient care has not been affected and our facilities are operational. Our emergency departments are open and appointments and procedures will proceed as scheduled," a health system spokesperson said in a statement.
Harris Health System in Houston said on X, formerly known as Twitter, that outpatient clinic appointments and elective hospital procedures have been canceled today.
On Reddit and TikTok posts, online chatter from nurses and clinicians described widespread impacts with hospital clinical IT systems being down and some hospitals even diverting patients. One post on Reddit said the tech outage was affecting all the hospitals in the poster's city and emergency services. "Health records not working. EMS can’t call the hospital for out-of-protocol orders and 911 dispatch having problems," the poster wrote.
Many reported earlier this morning that Epic EHR systems have been down for several hours.
Corewell Health in Michigan, which operates 21 hospitals, posted a statement on its website that many of its computers and systems were affected by the current global technology issue. "Our teams are assessing the situation and working together to care for our patients. Our hospitals and emergency rooms are open. Some procedures and appointments might be delayed," the health system wrote.
News 12 in New York reported that Northwell Health activated its system emergency operations center Friday due to the widespread technology outage.
In a statement, a spokesperson said Northwell Health is currently experiencing sporadic technology impacts due to a global issue caused by a faulty update from a third-party cybersecurity provider, CrowdStrike. "Where needed, we have implemented standard emergency response procedures to ensure the continued quality of care and safety of our patients," the spokesperson said.
Major health system CommonSpirit, which operates about 145 hospitals and 2,200 care sites, said "some facilities within CommonSpirit Health" have been affected by the tech outage. The health system did not mention any cancelation of services.
Trinity Health experienced issues with some workstations and applications with Windows-based devices running CrowdStrike this morning, a spokesperson said in a statement to Fierce Healthcare. "As soon as the issue was identified, updates were halted and standard protocols to restore service and communicate with colleagues were implemented. Only a small percentage of our servers nationwide were affected. The majority of the technical issues have been remediated, and there has been no impact to patient safety," the spokesperson said.
Associate editor Dave Muoio and senior writer Anastassia Gliadkovskaya contributed to the reporting.