On Monday, 20 October 2025, Amazon Web Services (AWS), the cloud-computing arm of Amazon, experienced a major outage that affected a wide range of websites, apps, and digital services worldwide.
What happened
The disruption began at around 8 a.m. BST (shortly after midnight Pacific time) when AWS reported “increased error rates and latencies” across a region on the US East Coast. The issue was traced to the AWS “US-East-1” region, known for being one of its key data center hubs.
The outage triggered ripple effects globally: monitoring site Downdetector recorded over 8 million reports of issues, including nearly 2 million in the US, about 1 million in the UK, and hundreds of thousands elsewhere.
Affected services included major apps and platforms such as Snapchat, Roblox, Signal, and Duolingo. Amazon’s own retail site and its subsidiary Ring doorbell systems were also impacted. By late afternoon in the UK, AWS said its services had “returned to normal operations.”
Going deeper
The root cause appears to have been an internal IT fault rather than any deliberate cyberattack. AWS’s health dashboard referenced problems with its DynamoDB database system and an internal subsystem responsible for load balancers (which distribute traffic across servers). Experts emphasized that the outage indicates how heavily much of the internet, and in particular digital services and infrastructure, relies on just a handful of cloud providers.
From a regulatory standpoint, the UK government confirmed it was in contact with Amazon over the incident, and the UK Treasury Committee has questioned why Amazon has not yet been designated as a “critical third party” in the financial services sector, which would bring it under enhanced oversight.
What was said
According to The Guardian, at approximately 7 a.m. Pacific Time (around 3 p.m. UK), AWS stated: “We can confirm significant API errors and connectivity issues across multiple services … We are investigating.” Later, AWS placed limits on the number of requests that could be made on its platform in order to aid recovery.
UK government spokesperson: “We are aware of an incident affecting Amazon Web Services and several online services that rely on their infrastructure. Through our established incident response arrangements, we are in contact with the company, who are working to restore services as quickly as possible.”
Why it matters
The AWS outage demonstrates how deeply modern industries rely on a handful of cloud providers and how a single disruption can ripple across sectors from retail to healthcare. For healthcare organizations, such dependence poses significant HIPAA compliance risks, as outages can compromise the confidentiality, integrity, and availability of patient data. HIPAA’s Security Rule mandates that HIPAA-regulated entities “implement reasonable and appropriate administrative, physical, and technical safeguards for protecting ePHI.” To mitigate these risks and meet HIPAA’s security requirement, Paubox offers a HIPAA compliant email platform with built-in encryption, redundancy, and high availability, ensuring that even during widespread service interruptions, providers can maintain secure, reliable communication and uninterrupted patient care.
See also: HIPAA Compliant Email: The Definitive Guide (2025 Update)
FAQS
What can healthcare organizations do to prepare for cloud outages?
Organizations should implement redundant systems, maintain data backups, and partner with vendors like Paubox that prioritize uptime and compliance to ensure communication continuity.
Can an outage lead to a HIPAA violation?
Yes. If an organization’s inability to access or protect PHI during an outage leads to delayed care or data loss, it could be considered a violation of HIPAA’s availability and security standards.
Tshedimoso Makhene
