A CrowdStrike update caused a major IT outage, affecting industries globally, including healthcare, airlines, and banking services.
A recent update from CrowdStrike, intended as a minor ‘content update,’ led to widespread IT outages globally. CrowdStrike's CEO, George Kurtz, stated the issue was a defect in the update and assured it was not a cyberattack. The update was not subjected to rigorous checks, which could explain how it slipped through and caused such extensive damage.
CrowdStrike has since confirmed the problem was identified and isolated, and a fix was deployed. Nonetheless, Microsoft users experienced an error screen in Windows, known as the ‘blue screen of death,’ causing disruptions across multiple sectors. Microsoft suggested restoring Windows 365 Cloud PCs to a prior state and reported successful recoveries after multiple virtual machine restarts.
The incident follows major IT outages, like the 2017 cyberattacks affecting England’s National Health Service (NHS) and the 2021 Meta outage. However, the scope and impact of the CrowdStrike update have been unprecedented, involving global industries and services.
Affected systems include:
Furthermore, several specific impacts have been reported:
CrowdStrike CEO George Kurtz stated, "We’re deeply sorry for the impact that we’ve caused to customers, travelers, and anyone affected by this, including our companies."
Microsoft acknowledged the issue on X, saying, " We're investigating an issue impacting users’ ability to access various Microsoft 365 apps and services."
In a statement to CBS News, Microsoft added, "Earlier today, a CrowdStrike update was responsible for bringing down a number of IT systems globally. We are actively supporting customers to assist in their recovery."
Furthermore, Melanie Pizzey, CEO of the Global Payroll Association, warned, "The outage could have serious implications for businesses, particularly those processing payroll weekly, potentially delaying pay for employees."
This major outage demonstrates the global dependency on cybersecurity software and the far-reaching consequences of its failures. Cybersecurity failures affect the immediate functionality of IT systems and broader societal functions like healthcare, transportation, and financial services.
The global disruption caused by CrowdStrike's update shows major vulnerabilities in cybersecurity practices, like testing and software validation, where small changes can trigger large-scale outages.
As organizations work to recover and mitigate the effects, they must learn from this incident to enhance their response strategies and prevent such incidents from recurring.
Yes, the update impacted healthcare systems, including radiology reporting and patient appointment systems, affecting services such as prescriptions and patient records.
Furthermore, the disruption could have compromised access to protected health information (PHI).
HIPAA compliance requires effective cybersecurity, as it safeguards PHI from unauthorized access, breaches, and other security threats.
Healthcare organizations should regularly test their software, implement cybersecurity protocols, and have contingency plans to protect PHI and maintain HIPAA compliance.
Learn more: HIPAA Compliant Email: The Definitive Guide