750+ Hospitals Hit by CrowdStrike Outage Disruptions – Study
CrowdStrike Outage: New Study Estimates 759 US Hospitals Affected, Patient Services Disrupted
Table of Contents
A groundbreaking study, the first too attempt a quantitative estimate of the impact, suggests that a massive IT meltdown on July 19, 2024, perhaps linked to cybersecurity firm CrowdStrike, affected the networks of at least 759 hospitals across the United States. The research, published in JAMA Network Open, also indicates that a significant portion of these disruptions directly impacted patient care, with critical services like health records and fetal monitoring systems experiencing outages.
Unveiling the Scale of the Disruption
Researchers from the University of California San Diego (UCSD) employed a novel methodology, scanning internet-exposed hospital network segments before, during, and after the July 19th incident. This analysis revealed that a staggering 34% of the 2,232 hospital networks they were able to examine showed signs of disruption.
Key Findings:
Widespread Network Impact: A minimum of 759 hospitals in the US are estimated to have experienced some form of network disruption on the day of the incident.
direct patient Care Affected: Over 200 of these hospitals faced outages that directly impacted patient services. This included inaccessibility of electronic health records (EHRs), delays or unavailability of test scans, and even the shutdown of vital systems like fetal monitoring. Significant Public Health Concern: Christian Dameff,an emergency medicine doctor and cybersecurity researcher at UCSD and a co-author of the study,emphasized the gravity of the findings. “If we had had this paper’s data a year ago when this happened,” Dameff stated, “I think we would have been much more concerned about how much impact it really had on US health care.” He characterized the event as a “significant public health issue.”
CrowdStrike’s Response and Counterarguments
CrowdStrike, the cybersecurity company whose software is widely used in healthcare, has strongly contested the UCSD study‘s findings and JAMA’s decision to publish it. In a statement, CrowdStrike labeled the paper “junk science,” raising several critical points regarding the research methodology.
CrowdStrike’s Criticisms:
Lack of Verification: CrowdStrike asserts that the UCSD researchers did not verify whether the disrupted networks actually ran Windows or CrowdStrike software.
Concurrent Outages: The company highlighted that Microsoft’s cloud service Azure also experienced a major outage on the same day, suggesting this could have been a contributing factor to some of the observed hospital network disruptions.
Irresponsible Conclusions: CrowdStrike argued that “drawing conclusions about downtime and patient impact without verifying the findings with any of the hospitals mentioned is completely irresponsible and scientifically indefensible.”
despite rejecting the study’s methodology and conclusions, CrowdStrike acknowledged the impact of the incident. “While we reject the methodology and conclusions of this report, we recognize the impact the incident had a year ago,” the statement read. “As we’ve said from the start, we sincerely apologize to our customers and those affected and continue to focus on strengthening the resilience of our platform and the industry.”
The study’s findings underscore the critical need for robust cybersecurity measures within the healthcare sector and the potential cascading effects of widespread IT failures on patient care. The debate over the precise cause and extent of the disruption continues, but this research provides the first quantitative glimpse into the significant impact of the july 19, 2024, IT crisis on American hospitals.
