When a year ago a buggy update to software sold by cybersecurity firm Crowdstrike, millions of computers around the world took off and sent them into a death spiral of repeated re -principles, the world costs of all the machines were equal to one of the worst cyber attacks in history. Some of the different estimates of the total damage worldwide stretched in the billions of dollars.
Now a new study by a team of medical cybersecurity researchers has taken the first steps not to quantify the cost of Crowdstrike’s disaster in dollars, but in possible damage to hospitals and their patients in the US. It shows evidence that hundreds of hospitals’ services were disrupted during the interruption, and that they raise concerns about potentially serious health and well -being consequences.
Researchers at the University of California San Diego today marked the one -year anniversary of Crowdstrike’s disaster by releasing a paper in Jama Network Open, a publication of the Journal of the American Medical Association Network, which first had a rough estimate of the number of hospital.
By scanning the Internet-exposed parts of hospital networks before, during and after the crisis, they noted that it experienced at least 759 hospitals in the US on that day network disruption of some kind. They found that more than 200 of the hospitals were apparently hit specifically with interruptions that directly affected patients, from inaccessible health records and test scans to fetal monitoring systems that went offline. Of the 2,232 hospital networks they could scan, the researchers noted that 34 percent of them appeared to have suffered from a kind of disruption.
All of this indicates that the interruption of the crowds of the crowd could have been a ‘significant issue of public health’ argues Christian Dameff, a UCSD medicine for emergency medicine and cyber security researcher, and one of the newspaper writers. “If we had the data of this article a year ago when it happened,” he adds, “I think we would have been much more concerned about how much impact it had on US healthcare.”
Crowdstrike, in a statement to Wired, strongly criticized the UCSD study and JAMA’s decision to publish it and call the newspaper ‘Junk Science’. They note that the researchers did not confirm that the disrupted networks were running Windows or Crowdstrike software, pointing out that Microsoft’s cloud service Azure experienced a major break on the same day, which was possibly responsible for some of the hospital network failures. “Conclusions on downtime and the impact of the patient without verifying the findings with any mentioned hospitals are completely irresponsible and scientifically indefensible,” the statement says.
“As we reject the methodology and conclusions of this report, we acknowledge the impact the incident had a year ago,” the statement adds. “As we said from the beginning, we sincerely apologize to our clients and those affected and focus on strengthening the resilience of our platform and the industry.”