CrowdStrike - gettectonic.com
Healthcare IT and CrowdStrike

Learning from the CrowdStrike Outage: Enhancing Resilience and Incident Response

Overview

In the wake of the CrowdStrike outage, businesses around the globe are focusing on restoring business continuity and bolstering their resilience for future incidents. On Friday, July 19, 2024, a faulty content update triggered crashes across approximately 8.5 million Windows devices, displaying the infamous blue screen of death. This affected a range of sectors, including hospitals and airlines.

Although less than 1% of all Windows machines were impacted, the outage caused significant disruptions, particularly in healthcare. For instance, Mass General Brigham hospitals and clinics canceled all non-urgent visits on the day of the outage. Other major healthcare providers, such as Memorial Sloan Kettering Cancer Center, Cleveland Clinic, and Mount Sinai, also faced operational challenges.

This incident was not a result of a cyberattack but rather a defective content configuration update to CrowdStrike’s Falcon threat detection platform. According to the company’s preliminary post-incident review, a bug in the content validator allowed the faulty update to pass through validation despite containing errors.

“What we’re hearing is that the recovery is well underway. Most healthcare organizations I’ve been talking to are back up and running,” said David Finn, Executive Vice President of Governance, Risk, and Compliance at First Health Advisory, in an interview with TechTarget Editorial. “The scope was much smaller than some of the other issues we’ve seen in the recent past in healthcare, but the response was healthy. Still, I think there are a lot of lessons learned.”

Health IT security experts suggest that this incident can serve as a valuable learning opportunity for improving future response and recovery strategies.

Planning for the Inevitable

“The bad thing is always going to happen,” Finn stated, drawing on his 40 years of experience in health IT security and privacy. “The trick is to plan for it, be prepared, and ensure your ability to recover and remain resilient.”

Whether it’s a large-scale cyberattack, like the one at Change Healthcare in February 2024, or a global IT outage without malicious origins, healthcare organizations of all sizes must be ready to respond to a variety of incidents that could disrupt critical systems.

Finn emphasized the importance of proactive due diligence and thorough incident response planning, particularly in identifying and addressing single points of failure. Preparing for potential operational challenges in advance can make all the difference when an incident actually occurs.

“We have to change the way we think about deploying this stuff,” Finn added. “Software, fortunately or not, is written by human beings, and human beings will always make mistakes. It’s our job to protect against those kinds of mistakes.”

The Importance of Resilience

Cyber-resilience is essential for enabling organizations to quickly recover and restore operations. By understanding that incidents like the CrowdStrike outage are bound to occur, organizations can focus on building resilience to effectively manage such events.

Finn highlighted the need for resilience and redundancy in response to incidents like the CrowdStrike outage. “I still trust CrowdStrike, but that trust doesn’t mean they’re going to be perfect every time,” Finn noted.

Healthcare organizations responded quickly to the incident, despite the disruptions it caused. For instance, Mass General Brigham activated its incident command to manage its response, keeping clinics and emergency departments open for urgent cases. By Monday, July 22, they had resumed scheduled appointments and procedures.

According to Erik Weinick, co-head of the privacy and cybersecurity practice at New York-based law firm Otterbourg, the CrowdStrike incident underscores the need for organizations to reassess their legal and technical risk protocols.

“Although initial reports indicate that the incident was an accident, not an attack, organizations should use this incident as motivation to conduct information audits, penetration testing, update system mapping and software, including security patches, and remind users about best security practices like multifactor authentication and frequently changing difficult-to-guess passwords,” Weinick said.

Essentially, organizations can leverage incidents like the CrowdStrike outage to strengthen their risk management strategies and enhance their cyber-resilience.

Third-Party Risk Management Challenges

Even with strict security controls in place, organizations are still vulnerable to risks from third-party vendors. As the interconnectedness of healthcare systems grows, so does the potential for third-party risks.

The global IT outage highlighted the importance of third-party risk management and the associated challenges. In 2023 and 2022, some of the largest healthcare data breaches were caused by third-party vendors.

“People probably did a lot of risk analysis around CrowdStrike, but I’ll bet no one ever asked what tools they use to produce their software,” Finn speculated. “Until we get standards in place for software development and certifications for software sold to critical infrastructure sectors, we’re going to have to dig a little deeper.”

In response to the incident, CrowdStrike announced plans to enhance its software resilience and testing processes, including adding more validation checks to its Content Validator for Rapid Response Content to prevent the deployment of faulty content. The company also plans to conduct multiple independent third-party security code reviews to prevent similar incidents in the future.

“On the legal front, organizations should review their vendor agreements to understand their obligations regarding privacy and data security, who their partners are working with, and what limitations exist on liability for incidents like the CrowdStrike outage,” Weinick advised. He also recommended checking business disruption insurance coverage and conducting tabletop exercises to rehearse business continuity and recovery procedures in the event of a systems outage.

Key Takeaways

The CrowdStrike outage reinforced essential IT and security considerations for organizations worldwide, particularly in the areas of resilience, third-party risk management, and incident response and recovery. By learning from this event, organizations can better prepare for future challenges and improve their overall cyber-resilience.

Healthcare IT Lessons from CrowdStrike

Post-Outage Recovery and Lessons from the CrowdStrike Incident

Following the CrowdStrike outage on July 19, 2024, companies globally have been working to restore business continuity and enhance their resilience for future incidents. The outage, caused by a faulty content update, led to crashes on approximately 8.5 million Windows devices, affecting hospitals, airlines, and other businesses.

Although less than 1% of all Windows machines were impacted, the incident caused significant disruptions, including appointment cancellations at hospitals. For instance, Mass General Brigham canceled all non-urgent visits on the day the outage began. Other healthcare organizations, such as Memorial Sloan Kettering Cancer Center, Cleveland Clinic, and Mount Sinai, also faced operational challenges.

The cause of the outage was a defective content configuration update to CrowdStrike’s Falcon threat detection platform, not a cyberattack. A bug in the content validator allowed the faulty update to bypass validation, as noted in CrowdStrike’s preliminary post-incident review.

David Finn, Executive Vice President of Governance, Risk, and Compliance at First Health Advisory, shared with TechTarget Editorial, “The recovery is well underway, and most healthcare organizations are back up and running. While the scope was smaller compared to other recent incidents in healthcare, the response was effective. There are valuable lessons to be learned.”

Preparing for Future Incidents

Finn, with 40 years of experience in health IT security, emphasized that incidents are inevitable. “The challenge is to plan, prepare, and be able to recover and stay resilient,” he stated. Whether facing a major cyberattack like the February 2024 Change Healthcare incident or an IT outage without malicious intent, healthcare organizations must be ready for various cyber incidents affecting critical systems.

He highlighted the importance of thorough due diligence and incident response planning. Addressing potential operational challenges in advance and planning for cybersecurity events or IT failures will prove beneficial when an incident occurs. “We need to rethink how we deploy software,” Finn added. “Human errors will always happen, and it’s our job to protect against those mistakes.”

Building Cyber-Resilience

Cyber-resilience is crucial for quickly recovering and resuming operations. Organizations should anticipate incidents and focus on building resilience. Finn noted, “While I still trust CrowdStrike, trust does not guarantee perfection. Resilience and redundancy are vital.”

Healthcare organizations responded swiftly to the CrowdStrike incident, with Mass General Brigham activating its incident command to manage the situation. The organization ensured that clinics and emergency departments remained open for urgent health concerns and resumed scheduled appointments and procedures by July 22.

Evaluating Risk and Updating Protocols

Erik Weinick, co-head of the privacy and cybersecurity practice at Otterbourg, urged organizations to use the CrowdStrike incident as an opportunity to reevaluate their risk management protocols. “Even if the incident was accidental, organizations should conduct information audits, penetration testing, update system mappings, and reinforce security practices like multifactor authentication and strong password policies.”

Addressing Third-Party Risk

The outage underscored the importance of managing third-party risks. The interconnectedness of healthcare systems amplifies these risks, as evidenced by some of the largest healthcare data breaches in recent years originating from third-party vendors.

Finn suggested that while organizations may conduct risk analyses on vendors like CrowdStrike, they should also inquire about the tools used in software development. “We need standards and certifications for software used in critical infrastructure sectors,” he said.

In response to the incident, CrowdStrike committed to enhancing its software resilience by adding more validation checks and conducting independent third-party security code reviews.

Weinick advised reviewing vendor agreements, updating business disruption insurance coverage, and conducting tabletop exercises to rehearse business continuity and recovery procedures for all potential disruptions.

Overall, the CrowdStrike outage highlighted critical IT and security considerations, emphasizing the need for resilience, effective third-party risk management, and robust incident response and recovery plans.

Technology Cancels Your Flight

What to Do If Technology Cancels Your Flight – the Recent CrowdStrike Microsoft Outage

The recent CrowdStrike Microsoft outage caused widespread disruption beyond just computers, stranding thousands of air travelers. When technology cancels your flight, here’s what you can do next:

The Impact of the Outage

Air travelers posted pictures on social media of crowded airports in Europe and the United States due to the technology outage on Friday. In the U.S., major airlines like American, Delta, United, Spirit, and Allegiant had all their flights grounded for varying lengths of time. The outage affected crucial systems, including those for checking in passengers, calculating aircraft weight, and communicating with crews. Travelers began to panic.

By early evening on the East Coast, nearly 2,800 U.S. flights had been canceled and almost 10,000 delayed, according to FlightAware. Worldwide, about 4,400 flights were canceled. Delta and its regional affiliates canceled 1,300 flights, United and United Express canceled more than 550 flights, and American Airlines canceled more than 450 flights. Airports became crowded zoos of passengers milling around waiting for answers.

The outage, blamed on a software update from cybersecurity firm CrowdStrike, affected Microsoft’s computers used by many airlines. Despite CrowdStrike identifying and fixing the issue, the damage was done, leaving hundreds of thousands of travelers stranded.

What to Do Next

Contact Your Airline

Check Other Airlines and Airports

Weekend Flights

Air Traffic Control

Refunds and Reimbursements

Transportation Secretary Pete Buttigieg emphasized the need for airlines to take care of passengers experiencing major delays. Airlines affected by the outage are offering rebooking, vouchers, refunds, and other assistance. The Transportation Department fined Southwest $35 million last year as part of a $140 million settlement for nearly 17,000 canceled flights in December 2022. The department maintains a “dashboard” showing what each airline promises to cover during travel disruptions.

By taking proactive steps and utilizing available resources, travelers can navigate the challenges posed by this unexpected technology outage and find alternative solutions to reach their destinations.

What is CrowdStrike?

Global Outage Linked to CrowdStrike: What You Need to Know

On Friday, a major global outage caused widespread disruptions, including flight cancellations, outages at hospitals and banks, and interruptions for broadcasters and businesses worldwide. Microsoft attributed the issue to a problem related to CrowdStrike, a cybersecurity and cloud technology firm.

About CrowdStrike

CrowdStrike, based in Austin, Texas, was founded in 2011 and offers a range of cybersecurity and IT tools. The company supports nearly 300 Fortune 500 firms and provides services to major companies such as Target, Salesforce, and T-Mobile.

What Happened?

The outage affected various public and private sectors globally, including airlines, banks, railways, and hospitals. According to CrowdStrike’s CEO, George Kurtz, the issue originated from a technical defect in a software update for Windows 10 systems, not from a cyberattack. A fix has been implemented, but some Microsoft 365 apps and services may still experience issues.

Flight Disruptions

Due to technical problems, American Airlines, United, and Delta requested a global ground stop for all flights on Friday morning. This led to the cancellation of at least 540 flights in the U.S. and significant delays at major airports, including Philadelphia International Airport.

Stock Market Impact

The outage affected the stock prices of both Microsoft and CrowdStrike. Premarket trading saw Microsoft’s stock (MSFT) drop 2.9% to $427.70, while CrowdStrike shares (CRWD) fell nearly 19% to $279.50, according to the Wall Street Journal.

Other Effects

The outage impacted universities, hospitals, and various organizations that rely on Microsoft systems. Thousands of train services were canceled in the U.S. and Europe, and some broadcast stations went off air. Hospitals, including Penn and Main Line Health in Philadelphia, canceled elective procedures due to technical difficulties.

Blue Screens of Death

Millions of Windows 10 users encountered “blue screens of death” (BSOD), indicating a critical error with the system. This problem arose from a bug linked to a Windows update, leaving many users unable to reboot their devices.

Next Steps for Users

Microsoft is rolling out an update to address the bug. CrowdStrike advises affected users to monitor the company’s customer support portal for further assistance.

This incident highlights the significant impact of cybersecurity and software issues on global operations, emphasizing the importance of robust IT solutions and rapid response strategies.
