While most businesses have since recovered, the CrowdStrike outage last week affected millions across all sorts of industries, from healthcare to travel. Major companies like Delta have struggled to make a smooth landing, and healthcare organizations across the country were also hit hard, as some hospitals were forced to delay care and pause electronic medical records system use.
However, amid the chaos, what has largely gone untold are stories of the companies that emerged unscathed. And within those unaffected companies lies a lesson for others, according to Andrew Molosky, president and CEO of Tampa-based Chapters Health System.
Chapters, a nonprofit system with 74 locations and over 3,500 staff members, experienced some blue screens of death, and some facilities had to revert to paper records. But by the end of the day on July 19, the system was “back to business as usual,” Molosky told Healthcare Brew. Overall, he said, the impact on the system was minimal.
“We’ve really focused on business continuity, redundancies, safety nets, and understanding of the difference between cybersecurity as a task and cybersecurity as a cultural commitment of your organization,” Molosky said. “It’s a validation of our investments while so many of our peers were languishing.”
These investments, Molosky said, included protocols for documenting on paper, using a backup application that provides patient information when electronic medical records and other systems are offline, and allowances for bringing in personal devices to use if company devices go down.
Essentially, the health system instituted a plan B for if its computer systems go down, meaning they aren’t dependent on one option to keep care going.
“The redundancies are numerous,” he said. “They’re not necessarily terribly sophisticated, but we have literally gone through and said, ‘What are the critical systems of our organization? What is the interplay between them? And if it comes crashing down, what is the plan?’”
Navigate the healthcare industry
Healthcare Brew covers pharmaceutical developments, health startups, the latest tech, and how it impacts hospitals and providers to keep administrators and providers informed.
Dan Denno, a senior architect at consulting company West Monroe, said that the outage highlighted the importance of investing in good prevention methods and IT infrastructure. While it can be considered costly, he said, an outage like this also hurts company revenues.
“Technology is always going to fail you somehow,” he said. “You have to have the processes to restore and get backup and understand the investments needed for your company and the severity of what an outage could cost you.”
Over-consolidation? Following the outage, think tank Open Markets Institute’s Europe Director Max von Thun said he’s concerned there’s “too much consolidation” in the technology infrastructure that companies rely on.
He’s concerned about not only over-reliance on CrowdStrike itself but also what he sees as a bigger issue: depending on only a few systems in general, especially Microsoft and Amazon products that he says create “single points of failure” if something goes wrong.
And something going wrong is likely going to happen often, von Thun added, as cybersecurity-related issues—as well as climate-related issues like flooding or heat waves that knock data centers offline—are becoming more common.
Open Markets is advocating for more regulations to help prevent another CrowdStrike-level outage. Von Thun also wants regulators to build more competition into the cloud computing market to “diversify things and improve resilience.”
“The reality for cybersecurity and business continuity is the work [must be] done well ahead of the disaster. It has to be part of the fabric of your company, like compliances, like customer service,” Molosky said. “It’s hard to celebrate cybersecurity—except for the days when you’re the only ones not sweating it.”