Chris Bowen, ClearDATA Founder & CISO. Member of Forbes Technology Council

Why Recent Outages Are A Wake-Up Call For Healthcare And Regulators

“We can better protect patient care and safety by demanding accountability and implementing robust cybersecurity measures.” – Chris Bowen

 

When the CrowdStrike outage first started to show itself in the early hours of that hazy July morning, it was hard to believe that this wasn’t a hack or cyberattack. I was driving in my car that morning and looked up to see a digital billboard glitch into the “blue screen of death” before my eyes. Flights were grounded, travel was delayed, and nearly every Windows machine in the world was unusable. It was total mayhem.

Clearly, this was an outage of major proportions, as millions of Windows systems worldwide essentially cratered. Caused by a faulty misconfiguration, we saw firsthand how the very digital advancements that have helped transform and modernize our world also expose us to more vulnerabilities than ever.

Remarkably, CrowdStrike deployed a fix within 79 minutes. But it wasn’t enough to alleviate the many other impacts of the outage that continued to play out that day, and in the days and weeks to follow.

In healthcare, this event laid bare the vulnerabilities we cannot overlook—the gaps that directly threaten patient care and safety. It’s a clear reminder of our industry’s utmost responsibility to patient privacy and well-being. To do that job effectively, though, we also must be able to count on U.S. regulators to hold our industry to the highest possible security standards and ensure this cannot happen again.

Understanding Recent Outages And Their Impact

The CrowdStrike outage affected numerous healthcare facilities nationwide and brought many healthcare systems’ operations to a stunning halt. Far too many hospitals could not access patient records, delaying treatments and critical interventions.

Losses from this outage are estimated to exceed $1.9 billion. It’s a staggering figure, highlighting the severe economic impact on healthcare systems already burdened by operational and technological challenges.

This particular outage is not the first of its kind to affect patient care and the delivery of healthcare services. The recent failure of Oracle’s database, which hit the Department of Veterans Affairs electronic health records (EHR) system, only highlights the fragility of our digital healthcare system. Outages like these can delay care and prevent access to the critical health information necessary to treat patients.

How Healthcare Can Address Security Vulnerabilities

No organization is immune from technological failures, even those designed to protect us. Preparedness is key. Healthcare organizations must regularly review and update their continuity procedures, test their incident response plans and ensure effective communication channels for swift incident reporting.

Actionable Steps For Building Business Resiliency

Here are the practical steps leaders can take to prevent or minimize the impact of similar incidents in the future:

  • Implement Redundant Systems: Diversify your cybersecurity solutions to avoid dependence on a single vendor. Ensure multiple systems support critical processes to prevent single points of failure.
  • Invest In Continuous Monitoring: Use advanced monitoring tools to detect and respond to cyber threats in real time, maintaining a proactive stance against potential disruptions.
  • Regularly Test And Update Incident Response Plans: Conduct regular drills and simulations to ensure response plans are effective and up to date, identifying gaps and improving response times.
  • Foster Cybersecurity Awareness: Educate and train staff on cybersecurity best practices. A knowledgeable workforce is a crucial line of defense against cyber threats.
  • Prioritize Change Management: Thoroughly test updates and deployments before implementation to identify potential issues early and mitigate system failure risks.
  • Collaborate With Cybersecurity Experts: Engage with experts to stay informed about the latest threats and implement robust defense strategies. Regular security audits can identify vulnerabilities and areas for improvement.

The Path Forward

These recent outages are a clarion call for healthcare leaders and technical experts. We can better protect patient care and safety by demanding accountability and implementing robust cybersecurity measures. The focus must be on creating a resilient and secure ecosystem capable of withstanding future disruptions.

While healthcare as an industry absolutely must stay proactive and ready, we also count on regulators to do their part. I am calling on our regulators to put measures in place to ensure that an outage of this scale does not happen again. Now is the time to act and ensure a secure future for healthcare.

Protect patients and the integrity of healthcare. The urgency for action is now.

Original article published as a Forbes Technology Council Post

Talk with a healthcare cloud expert who knows what it takes to protect your data in the cloud.

Protect your data like you protect your home.

Speak with an expert