It was half past midnight Eastern time when Andrew Rosenberg, an anesthesiologist and critical care physician who serves as Michigan Medicine’s chief information officer, suddenly realized that a significant number of computers in the medical center had stopped working, in what the hospital called a “catastrophic major incident.”
“We have pretty advanced automated monitoring of our core systems, and if they suddenly go offline we get alerts,” Rosenberg said. “We had some units where most of the computers were blue screening.”
It quickly became clear that this was no isolated incident: a cybersecurity company called CrowdStrike had been regularly updating its Falcon antivirus product, which is used by a variety of businesses, including banks, airlines, and hospitals. The update contained a bug. The error caused all computers running the software on Windows operating systems to crash.
Across the world, doctors, nurses and hospital administrators were in a state of panic as they dealt with the effects of the largest IT outage in history. Massachusetts General Hospital Brigham, one of the largest health systems in the United States, canceled all non-urgent surgeries, procedures and consultations. In the UK, Royal Surrey NHS Foundation Trust declared a major incident affecting the system used to deliver radiation therapy. Hospitals in Canada, Germany and Israel announced problems with digital services, and 911 emergency services were reported down in several US states. WIRED reporters found that both Baylor Hospital Network and Quest Diagnostics, one of the largest non-profit health systems in the country, were unable to process routine blood tests. Phoenix police spokesperson Donna Rossi explained that while phone calls were still working, officers had to be dispatched manually because the internet was not working.
The level of disruption appears to vary both between and within health systems. “Our hospital is completely down due to issues with #Crowdstrike,” Dana Chandler, a nurse at GBMC Healthcare in Maryland, posted on X. “No phones, no computers, no safety net. It’s an all in one day. Praying for our patients to be safe.” At Michigan Medicine, which was up since 1 a.m. dealing with the crisis, Rosenberg said between 15 and 60 percent of computers were not working, depending on the unit.
“The impact is profound,” he says, “affecting every aspect of the modern digital health system. Thankfully, in units where computers are constantly on, such as the ICU or emergency department, the computers did not receive the CrowdStrike application upgrade, but in more intermittent areas of care, such as operating rooms, the disruption will be much greater.”
Rosenberg said the biggest area of ââdisruption has been so-called “digital bottlenecks” that require communication between multiple computer systems. He cited the critical task of cleaning, disinfecting and sterilizing medical equipment and patient-care supplies, which are monitored through digital tools across multiple computers to ensure best practices are followed and the risk of deadly infections is minimized.