A year ago, a software update from cybersecurity firm CrowdStrike caused significant disruptions by crashing millions of computers globally. Recent research has shown that this incident significantly affected U.S. hospitals, with at least 759 institutions experiencing network disruptions. More than 200 of these hospitals reported outages that directly impacted patient care, including inaccessible health records and offline fetal monitoring systems.
The study, conducted by researchers from the University of California San Diego and published in JAMA Network Open, is one of the first to quantify the healthcare ramifications of the CrowdStrike outage, which coincided with a major incident involving Microsoft’s Azure cloud service. The researchers utilized internet scanning tools to assess the effects, finding that 34% of the hospitals they scanned suffered some form of service disruption.
Christian Dameff, an emergency medicine doctor and one of the paper’s authors, emphasized the potential for serious public health consequences, stating that the study’s data could have prompted greater concern about the incident’s impact on U.S. healthcare when it occurred. Despite CrowdStrike labeling the study as "junk science," claiming that the findings were unverified and ignoring other potential causes of the outages, UCSD researchers defended their conclusions. They argue that the timing of the outages aligns closely with the installation of the faulty software update from CrowdStrike.
The paper indicates that many hospitals experienced critical service outages that could severely affect patient care. For example, disruptions in accessing scans or health records could delay urgent treatments, raising the potential for negative health outcomes. Although most hospital services were restored relatively quickly—58% coming back online within six hours—some outages lasted longer than 48 hours, which is still significant compared to the extensive downtime caused by other major cyberattacks.
This study sheds light on the widespread impact of the CrowdStrike outage on healthcare facilities, prompting a necessary conversation about the resilience of medical infrastructures against such disruptions, whether from software malfunctions or cyberattacks. The findings are part of an ongoing effort to better understand and mitigate the consequences of technical failures in healthcare settings.
For further reading, you can check the original study published in JAMA Network Open here.
