The CrowdStrike outage was a major wakeup call. It caused waves of lasting disruptions across various sectors, including healthcare and transportation. While we were all relieved it was not the result of a cyberattack, the fact that a critical misconfiguration took down this many systems is still something that should alarm everyone, especially those of us in healthcare IT.
During our latest episode of Cracking the Code, Chris Bowen, Founder and CISO of ClearDATA, unravels the complexities of the outage, its impact on healthcare, and actionable strategies for companies to ensure business resiliency, even during an outage like this one.
A Misconfiguration Brings Global Chaos
It all started with a misstep during a routine software update, where a content file with high-level kernel privileges was inadvertently deployed. The kernel, a core component of the operating system, wields substantial control over hardware and software interactions. This misconfiguration triggered a recurrent logic loop, leading to what many dreaded—the infamous “blue screen of death” on affected Windows systems worldwide.
Despite the severity of the situation, CrowdStrike’s response was impressively fast. Within just 30 minutes, a fix was issued – but the damage was already widespread. For millions on Windows systems, an excessive loop of reboots began, shutting professionals and entire healthcare systems out of their computers.
Preventing Misconfigurations & Mitigating Impacts
Bowen’s insights remind us of a few key concepts, including the necessity of staged rollouts for software updates. Unlike CrowdStrike’s approach, companies like Apple have successfully implemented gradual rollouts, allowing them to catch potential issues before they escalate. This strategy could have mitigated the impact significantly, preventing the cascade of failures witnessed during this outage.
Another crucial point he raises is the role of communication during crises. Swiftly setting up a dedicated service desk and transparent communication with customers is pivotal in managing this kind of fallout and maintaining trust.
Bowen also emphasizes the importance of conducting regular security and business risk analyses, particularly in sectors where downtime can have life-threatening implications. Organizations should maintain a criticality matrix to prioritize the recovery of essential systems, ensuring business continuity even in adverse situations.
He explains why the role of vendors and regulators cannot be overlooked, describing how misconfigurations and outages can stem from third-party vendors. He highlights the need for rigorous vendor assessments and regular evaluations. Meanwhile, regulators should focus on enhancing system resiliency and enforcing disaster recovery and business continuity tests. This keeps healthcare organizations not only prepared to face outages, but also equipped to recover as quickly as possible.
From staged rollouts to rigorous vendor management and proactive communication strategies, the insights from the outage provide a roadmap for organizations striving to enhance their resilience. In an increasingly digital future, we can’t forget to protect cloud data from both external threats and internal missteps.
Your Cybersecurity Resiliency Handbook
From staged rollouts to rigorous vendor management and proactive communication strategies, the insights from the outage provide a roadmap for organizations striving to enhance their resilience. In an increasingly digital future, we can’t forget to protect cloud data from both external threats and internal missteps.
Here are the steps you shouldn’t wait to take to keep your business and patient and customer data protected.
Understand cyber coverage and claims within your specific business industry: Understanding cyber coverage and claims specific to your industry is crucial for effective risk management. Each sector faces unique threats, and tailored insurance can protect against data breaches, ransomware, and compliance issues. Familiarizing yourself with coverage options ensures your business is safeguarded and prepared for potential cyber incidents.
Consistently review and refine incident response plans: Ensure that all communication protocols and criticality matrices are current. Perform comprehensive assessments of vendors and set clear expectations regarding their cybersecurity practices.
Collaborate with regulators: Collaboration with regulators within to ensure industry-wide standards for resilience and recovery are enforced and continuously evaluate and improve cybersecurity practices to stay ahead of potential threats.
Consult your criticality matrix or establish one if you don’t already have one: Criticality matrices help businesses understand which systems are impacted, and how critical they are to your operations. It’s important to do your security and business risk analysis post event and implement strategies for possible future incidents.
Create or update your Business Continuity and Disaster Recovery Plans: Healthcare organizations should conduct a risk assessment to identify vulnerabilities, establish clear communication channels, and regularly update their BCDR plans. Implement data backups and ensure staff are trained in cybersecurity protocols. Conduct regular drills to test response effectiveness. Collaborate with IT security experts to ensure plans align with the latest cybersecurity threats and compliance requirements.
Implement early warning systems: Early warning systems in healthcare cybersecurity are crucial for identifying potential misconfigurations before they escalate into serious incidents. These systems enable healthcare organizations to detect unusual patterns in data access, network traffic, or user behavior, allowing for timely intervention. By implementing early warning systems, healthcare providers can protect sensitive patient information, maintain compliance with regulations, and ensure the continuity of care, ultimately safeguarding both their operations and the health of their patients.
Understand the potential role of second-order bad actors: Second order bad actors may exploit the chaos following an outage or other incident by launching secondary attacks or phishing campaigns, capitalizing on the confusion and trust deficits created. They might impersonate legitimate entities to gather sensitive information or manipulate victims into taking harmful actions. Additionally, these actors could resale stolen data or leverage vulnerabilities exposed during the initial incident, further complicating recovery efforts and increasing the overall impact of the cyber event on individuals and organizations.
Cybersecurity awareness & continuous training and skill development: In healthcare, prioritizing cybersecurity awareness and training is crucial to protect sensitive patient information. By fostering a culture of responsibility, organizations can empower staff to recognize threats and respond effectively. This proactive approach not only safeguards data but also builds trust with patients, ensuring compliance with regulations and enhancing overall care.
By incorporating these measures into your organization’s cybersecurity strategy, you can mitigate the impact of IT incidents, protect sensitive data, maintain trust with stakeholders, and ultimately ensure business continuity in the face of adversity.
Hear from Chris Bowen for his full insights on healthcare cloud business resilience in the face of cybersecurity incidents and outages. Tune into the latest episode of Cracking the Code.
