CrowdStrike Face Questions
GPs couldn’t treat patients, people were stranded as planes couldn’t get off the ground, and small businesses lost thousands in sales. Two months on from the global IT outage on 19 July, the full impact is still only now becoming apparent.
A rogue software update by the US cybersecurity company CrowdStrike crippled up to eight and half million computers using Microsoft systems around the world.
For many GPs, they were unable to use the EMIS system – a digital way of managing appointment bookings and patient records, as well as sending prescriptions to pharmacies.
The British Medical Association – the trade union and professional body for doctors and medical students in the UK – said the CrowdStrike outage, external was “one of the toughest single days in recent times for GPs across England”, with doctors forced to return to pen and paper.
Elsewhere, the BMA said there were also major problems in Northern Ireland. Around 75% of GPs in Northern Ireland use the EMIS system according to Dr Frances O’Hagan, the chair of BMA’s Northern Ireland GP committee.
“We couldn’t do anything for most people,” she said. “We just had to take it on the chin and get on with it.”
She said GPs in Northern Ireland faced similar backlogs to colleagues in England, including a delay to suspected cancer referrals.
The Department of Health told the BBC it is in discussion with “external suppliers” to strengthen “continuity arrangements” following the CrowdStrike outage. It says GPs had access to “local copies” of patient data from EMIS during the outage, and all other systems worked.
Professor Kamila Hawthorne, Chair of the Royal College of GPs, told the BBC it was “crucial” that there should be “safeguards in place” in the future.
In Surrey, 50 patients who were due to receive radiotherapy treatment on the day of the outage were forced to reschedule., external
A spokesperson from NHS Royal Surrey Trust said all urgent cases were seen within 24 hours.
NHS England did not comment.
The UK government told BBC News contingency plans were quickly enacted, and said it is working with NHS England to help prevent similar incidents.
On the west coast of the United States, meanwhile, Providence healthcare operates 53 hospitals and over 1,000 clinics.
Adam Zoller is in charge of cyber security for the company.
He describes the first few hours as “a catastrophe” for hospital IT systems, but 80% were fixed in 48 hours.
The hospitals did cancel non-emergency procedures, but Adam said “in large parts patient care was unaffected. CrowdStrike could have handled this in a lot of different ways, and I think they handled it as well as they could have.”
At many airports, travel operators were forced to cancel thousands of flights across the world. Delta Airlines in the United States faced a huge impact. It cancelled around 7,000 flights over five days, faces an investigation from the US authorities and is involved in several legal actions.
A spokesperson from CrowdStrike told BBC News: “As we have said previously, we fully understand the gravity of the incident and apologise to everyone who was affected.
“We’re committed to using the lessons learned to better serve our customers and prevent anything like this from happening again.”