The study found that at least 750 U.S. hospitals encountered disruptions in crowdsourcing last year.
A year ago today, an off-road vehicle update of software sold by cybersecurity company CrowdStrike shot down millions of computers around the world and sent them into a death spiral of repeated restarts, all of which crashed machines have the global cost of one of the worst cyber attacks in history. Some of the various estimates of total global damage have stretched to billions of dollars.
Now, a new study by a team of medical cybersecurity researchers has taken the first step to quantify the cost of the Crowdstrike disaster is not the dollar, but the potential harm to U.S. hospitals and their patients. It reveals evidence that services in hundreds of hospitals were damaged during the disruption and raised concerns about the potential serious impact of patients’ health and well-being.
UC San Diego researchers today mark the first anniversary of the Crowdstrike disaster by publishing a paper in the publication of the American Medical Association Network Journal, which first attempted to create the first time network convergence to July 19, which fuses to 2024, the impact of the network, and on July 19, 2024, the network converges these networks and broadcasts the services on those networks.
By scanning the exposed parts of the hospital network before, during and after the crisis, they found that at least 759 hospitals in the United States seemed to have experienced some kind of network damage that day. They found that more than 200 of these hospitals appear to have been suffering from failures that directly affect patients, from inaccessible health records and test scans to offline fetal monitoring systems. Of the 2,232 hospital networks they were able to scan, researchers found that 34% of them seemed to have suffered some type of damage.
All of this suggests that UCSD emergency physician and cybersecurity researcher and one of the authors of the paper Christian Dameff believes that mass disruption can be a “major public health problem.” He added: “If we had the data from this article a year ago, I think we would be more worried about how much impact it really has on American health care.”
Crowdstrike strongly criticized UCSD research and JAMA’s decision to release it in a Wired statement, calling the paper “junk science.” They noted that the researchers did not verify that the interrupted network was running Windows or CrowdStrike software, noting that Microsoft’s cloud service Azure experienced a massive power outage on the same day, which could have caused network outages in some hospitals. “Grading conclusions about downtime and patient impact without verifying any hospital’s findings is totally irresponsible and scientifically irrefutable,” the statement said.
“Although we rejected the methodology and conclusions of this report, we recognize that the incident had an impact on it a year ago,” the statement added. “As we said from the outset, we sincerely apologize to our clients and affected clients and continue to focus on strengthening the resilience of the platform and the industry.”
