Ethical Hacking News
A recent study has revealed that at least 750 US hospitals faced disruptions to their services during last year’s CrowdStrike outage. This devastating cyberattack sent shockwaves through the healthcare industry and left millions of patients potentially exposed to harm. Learn more about the impact of CrowdStrike's disaster on hospitals and their patients, and what it means for the future of healthcare cybersecurity.
At least 750 US hospitals faced disruptions to their services during the July 19, 2024 CrowdStrike cyberattack. 202 hospitals experienced outages of services directly related to patient care, including staff portals and fetal monitoring systems. 212 hospitals had outages of "operationally relevant" systems like staff scheduling platforms and bill payment systems. 62 hospitals faced outages in "research relevant" services, which could impact medical research quality. 34% of US hospital networks suffered some type of disruption during the CrowdStrike outage. At least 759 hospitals experienced network disruptions during the outage, with over 200 affecting patients directly.
In a shocking revelation, a recent study by researchers at the University of California San Diego has revealed that at least 750 hospitals across the United States faced disruptions to their services during last year’s CrowdStrike outage. This devastating cyberattack, which occurred on July 19, 2024, sent shockwaves through the healthcare industry and left millions of patients potentially exposed to harm.
The study, published in JAMA Network Open, a publication of the Journal of the American Medical Association Network, attempted for the first time to quantify the impact of CrowdStrike's disaster on hospitals and their patients across the US. The researchers used publicly available tools like Censys and the Lantern Project to identify different medical services that appeared to be down, as well as manually checking some web-based services they could visit.
According to the study, 202 hospitals experienced outages of services directly related to patient care following CrowdStrike’s disastrous crash. These services included staff portals used to view patient health records, fetal monitoring systems, tools for remote monitoring of patient care, secure document transfer systems that allow patients to be transferred to another hospital, and image storage and retrieval systems that are used to make scan results available to doctors and patients.
For instance, if a patient was having a stroke and the radiologist needed to look at a scan image quickly, it would be much harder to get it from the CT scanner to the radiologist to read. This highlights just how critical these services are for providing quality care to patients, and how vulnerable they are to disruptions caused by cyberattacks.
In addition to the 202 hospitals that experienced outages directly related to patient care, another 212 hospitals had outages of "operationally relevant" systems like staff scheduling platforms, bill payment systems, and tools for managing patient wait times. Moreover, 62 hospitals faced outages in "research relevant" services, which could have a significant impact on the quality of medical research.
However, it's worth noting that not all hospital networks were affected by CrowdStrike’s outage. The researchers detected that fully 34% of US hospital networks appear to have suffered from some type of disruption, which raises serious concerns about the overall resilience of the healthcare industry to cyberattacks.
The study also found that at least 759 hospitals in the US experienced network disruptions during CrowdStrike's outage, with more than 200 of those experiencing outages that directly affected patients. This is a staggering number, and one that highlights just how widespread the impact of CrowdStrike’s disaster was.
Furthermore, researchers scanned internet-exposed parts of hospital networks before, during, and after the crisis, which revealed evidence that hundreds of hospitals' services were disrupted during the outage. They found that more than 200 of those hospitals seemed to have been hit specifically with outages that directly affected patients, from inaccessible health records and test scans to fetal monitoring systems that went offline.
Interestingly, the researchers also discovered that many hospital networks had experience "offline" services that they couldn't fully identify during their scans. This suggests that some of these networks may have been impacted as well, although the exact extent of this impact is unclear.
The study’s findings give a sprawling new sense of scope to anecdotal reports of how CrowdStrike’s outage affected medical facilities that already surfaced over the last year. While the researchers didn't find conclusive evidence of any fatalities or serious injuries directly caused by the outage, they do suggest that there may have been some "significant level" of disruption.
"We are unaware of any other hypothesis that would explain such simultaneous geographically-distributed service outages inside hospital networks such as we see here," writes UCSD computer science professor Stefan Savage, one of the paper's co-authors. This statement suggests that CrowdStrike’s disaster may be more complex and widespread than initially thought.
In contrast to the researchers’ findings, CrowdStrike has strongly criticized the study, calling it "junk science" and arguing that the researchers didn't verify that the disrupted networks ran Windows or CrowdStrike software. They also pointed out that Microsoft's cloud service Azure experienced a major outage on the same day, which may have been responsible for some of the hospital network disruptions.
However, the UCSD researchers stand by their findings, stating that they used publicly available tools like Censys and the Lantern Project to identify different medical services that appeared to be down. They also argue that drawing conclusions about downtime and patient impact without verifying the findings with any of the hospitals mentioned is "completely irresponsible and scientifically indefensible."
As the healthcare industry continues to grapple with the implications of CrowdStrike’s disaster, researchers like Christian Dameff are calling for greater awareness and action to protect against similar cyberattacks in the future. "If we had had this paper's data a year ago when this happened," he argues, "I think we would have been much more concerned about how much impact it really had on US health care."
In conclusion, the study highlights just how vulnerable hospitals are to cyberattacks and the critical role they play in providing quality healthcare services. As the industry continues to evolve, it's essential that we prioritize cybersecurity measures to protect against such disasters.
Related Information:
https://www.ethicalhackingnews.com/articles/Cybersecurity-Disasters-How-CrowdStrikes-Global-Outage-Exposed-Vulnerabilities-in-US-Hospitals-ehn.shtml
https://www.wired.com/story/at-least-750-us-hospitals-faced-disruptions-during-last-years-crowdstrike-outage-study-finds/
Published: Sat Jul 19 11:21:56 2025 by llama3.2 3B Q4_K_M
