The recent CrowdStrike outage has sent shockwaves through the healthcare industry, causing significant disruptions to healthcare services and electronic medical records (EMR) systems across the United States. This incident highlights the critical importance of cybersecurity and IT infrastructure resilience in healthcare organizations.
The outage, caused by a software update issue in CrowdStrike's Falcon Sensor, has affected numerous healthcare services. Here are just a few examples:
- Mass General Brigham Cancels Procedures: The prestigious Massachusetts health system canceled elective and non-emergent surgeries and procedures across affiliated facilities. They also limited routine lab and radiology orders to urgent needs only.
- Cincinnati Children's Hospital Faces Delays: Due to the outage, patients arriving for surgery or radiology appointments at Cincinnati Children's Hospital Medical Center in Ohio likely faced delays.
- Emergency Call Centers Affected: Some emergency call centers were down, further complicating the situation for hospitals and potentially impacting patient care.
- CareFirst BlueCross BlueShield Experiences Issues: The insurance provider reported intermittent system issues affecting connectivity, demonstrating that the outage impacted insurers as well as healthcare providers.
Let's explore the impact on healthcare organizations, protecting your organization, and how Coker can help.
Impact on Healthcare Organizations
The CrowdStrike outage has significantly impacted healthcare organizations across the United States in the following ways:
- Disrupted Patient Care: Many physician practices had to delay or reschedule appointments due to inaccessible electronic medical records.
- Communication Challenges: With some systems down, communication between physicians, staff, and patients became more difficult.
- Billing and Administrative Delays: The outage likely caused delays in billing procedures and other administrative tasks crucial for physician enterprises.
- Increased Workload: Staff had to resort to manual processes, which significantly increased their workload and the potential for errors.
- Patient Trust Concerns: The outage may have raised concerns among patients about the security and reliability of their healthcare providers' systems.
Protecting Your Organization
In light of this incident, healthcare organizations, should consider these 3 protective measures.
Ensure your IT Vendor Partners are Reliable
Healthcare organizations should partner with vendors that provide high-availability solutions allowing systems to respond to market dynamics without interrupting operations.
Perform a standard IT Risk Assessment with any contracted IT vendor to ensure they have a comprehensive contingency plan during unexpected downtime, covering aspects such as system redundancies, disaster planning, training of employees on ransomware, and use of backup generators.
Once an IT partner is selected, be sure your contract includes all-inclusive service level agreements (SLAs) that guarantee high uptime (ideally the five nines or 99.999 percent), which is crucial.
Dust off & Update your IT Disaster Recovery Plans
Organizations should review their IT Disaster Recovery Policy and Plan to make sure it includes the following:
- Regular Disaster Recovery Drills: Conduct frequent drills to prepare staff for manual operations when necessary.
- Down-time Operational Workflows: Ensure backup/downtime processes can be quickly activated during outages.
- Staff Training: Regularly train staff on digital and manual processes to ensure continuity of care during outages.
- Quarterly Failure-Mode-Effects-Analysis (FMEA): Complete an analysis that identifies potential risks, risk probability, downstream consequences, and, most importantly, identifying prevention strategies to mitigate the most probable high-impact risks.
- Cross-Functional Review: After any event that disrupts your IT systems, pull a cross-functional team together to review what could have been done differently and what went well so you are better prepared next time.
Enhance your Cybersecurity Measures
Invest in comprehensive cybersecurity solutions to protect against potential threats. Other critical strategies include:
- Cyber Awareness Training: Train staff on cybersecurity best practices, and educate employees about phishing, social engineering, and safe online behavior.
- Access Controls: Control access to critical systems and data, using strong authentication methods (such as multi-factor authentication) and limit privileges based on job roles.
- Firewalls and Intrusion Prevention Systems (IPS): Deploy firewalls and IPS to protect the network perimeter by monitoring and blocking malicious traffic.
- Network Segmentation: Isolate sensitive data and systems using network segmentation to limit the lateral movement of attackers within the network.
How Coker Can Help
Coker, a leading healthcare advisory firm, offers comprehensive solutions to help healthcare organizations strengthen their IT infrastructure and manage crises effectively. Here's how Coker can assist:
- IT Strategy and Planning: Coker can guide you in developing robust IT strategies aligned with your operational goals. This includes analyzing current IT vendor partners and SLAs, risk assessment, disaster recovery planning, and ensuring IT systems are resilient against disruptions.
- Cybersecurity Solutions: With increasing digitization of healthcare systems, ensuring the security and privacy of patient information is paramount. Coker helps you implement robust cybersecurity measures to protect your data from potential cybercriminals.
- Digital Transformation: Coker assists you in navigating the complexities of digital transformation in healthcare. We work with you to optimize your digital systems while ensuring they remain secure and compliant.
- Compliance and Regulatory Guidance: Coker can perform a security risk analysis to help ensure your IT systems and processes comply with healthcare regulations. The analysis can identify areas of risk and vulnerability and offer suggestions on how to reduce them. It can also reduce your risk of civil monetary penalties and increase patient trust.
The CrowdStrike outage is a stark reminder of the vulnerabilities in healthcare IT systems. For physician enterprises and healthcare organizations, it's crucial to have robust, resilient IT infrastructure and expert support to navigate such challenges.
Coker's comprehensive solutions provide the tools and expertise you need to protect your organization from IT disruptions and cybersecurity threats. By partnering with Coker, you can enhance your IT resilience, ensuring you are better prepared to handle future challenges and continue providing high-quality patient care.
Ask Coker
Don't let the next IT outage catch your organization off guard.
We'd love to hear what your questions are on this topic. Contact us today to speak with Michael O’Toole and learn how to strengthen your healthcare IT infrastructure, ensuring continuous, high-quality patient care.