Hospital IT Teams Still Working to Resolve CrowdStrike-Related Outage Issues

July 22, 2024
U.S. Cybersecurity and Infrastructure Security Agency warns that cyber threat actors continue to leverage the outage to conduct malicious activity, including phishing attempts

As health system IT teams reported steady progress in bringing computer systems and EHR access back online after Friday’s global outage, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that cyber threat actors continue to leverage the outage to conduct malicious activity, including phishing attempts.

The widespread outage, caused by a faulty software update from CrowdStrike last Friday, affected Windows-based computers, and many hospital systems were still experiencing scheduling delays and working through issues on Monday morning. In a blog post, Microsoft estimated the outage affected 8.5 million Windows devices. Microsoft notes that this number makes up less than 1 percent of all Windows machines.

CISA said it continues to work closely with CrowdStrike and other private sector and government partners to actively monitor any emerging malicious activity. It said that according to a CrowdStrike blog, threat actors have been distributing a malicious ZIP archive file. This activity appears to be targeting Latin America-based CrowdStrike customers.

Some health systems were praising their IT teams profusely, including New Jersey’s largest integrated health care delivery system, RWJBarnabas Health, which noted that if not managed aggressively and effectively, the outage could have caused significant disruption to the health system. “While we continue to work through technical issues, normal operations have resumed across the system. The ingenuity and teamwork demonstrated by RWJBarnabas Health’s workforce was exemplary,” the health system posted on Twitter/X. “Led by the system’s Information Technology Department and Office of Emergency Management, their tireless efforts to resolve issues quickly and efficiently were critical in maintaining patient safety during a time of uncertainty.”

The American Hospital Association (AHA) noted that Microsoft has published a recovery tool to aid in the recovery of systems.

In a statement, AHA National Advisor for Cybersecurity and Risk John Riggi said, “Recovery of hospital computer systems impacted by this outage is in full progress. For those hospitals that remain impacted, the Microsoft recovery solution may be able to accelerate recovery. We appreciate the responsiveness of both Microsoft and CrowdStrike and we will continue to engage their leadership to directly relay the operational, financial and clinical impact America’s hospitals and health systems are experiencing due to the CrowdStrike update.”

AHA posted a list of suggestions for hospital IT teams, including: 
• If you have instances of CrowdStrike in your networks, determine the impact and review your business and clinical continuity procedures.
• Use this opportunity to identify impact and downtime procedures for all internal and third-party life-critical and mission-critical technology, services and supply chain.
• Test cyber incident response and emergency preparedness plans and communication channels.
• Plan for technology disruptions and cyber incidents on a regional basis.
• Be alert to increased phishing emails that may appear related to this disruption.
• Report any clinical impacts that your organization is experiencing to state and local public health officials as appropriate or required. 

On Friday, nursing news website nurse.org reported that its Instagram account received thousands of comments from nurses across the U.S. reporting that their systems were down. According to the comments, outages were experienced in nearly every state and nurses reverted to paper charting, and in some cases, ambulances were diverted. 

Washington-headquartered Providence’s website said it had been making steady progress bringing systems back online. “Our efforts will continue throughout this weekend as we work to restore service levels back to normal as much as possible by Monday morning,” the notice said. Providence stressed that patient care would be ongoing, and that people should not delay emergency or urgent care.

Corewell Health, which became Michigan’s largest health system two years ago when Beaumont Health and Spectrum Health merged, said some of its computers and systems remain affected by the global technology issue. “We have many solutions in place that allow us to continue to care for our patients. We appreciate the continued understanding from our patients who are experiencing delays and are thankful to the dedicated team members who have been working on this issue,” the health system said in a statement. 

 
