A recent study published in JAMA delved into the repercussions of the CrowdStrike outage that occurred last year, shedding light on the impact it had on hospitals across the country. The survey, which gathered responses from 2,232 hospitals, revealed that over a third of them experienced significant system downtimes due to a faulty cybersecurity update from the vendor. This outage resulted in the disabling of lab systems, disruptions in scheduling tools, and the loss of access to electronic health records in hundreds of hospitals. It forced CIOs to reevaluate their approach to managing automatic system updates.
In response to the crisis, CrowdStrike has honed in on two pivotal areas crucial for CIOs. Firstly, they have bolstered system safety and self-recovery by developing sensors for Windows and macOS that can detect update failures, automatically enter safe mode, and activate CrowdStrike’s remediation toolkit to restore operations without manual intervention. Secondly, they have revamped their update control system, giving organizations the autonomy to dictate when and how to deploy sensor and content updates.
The new content control capabilities afford customers greater flexibility in managing updates through host group policies, enabling them to establish distinct deployment schedules for test systems, workstations, and mission-critical infrastructure. CrowdStrike also introduced content pinning, a feature that allows customers to lock their systems to specific content versions, granting them precise control over the timing and manner of update deployment. This underscores the importance of implementing stringent IT change management policies before implementing any updates or alterations.
Looking ahead, healthcare CIOs are advised to continue investing in security EDR solutions, which transcend conventional antivirus measures. EDR provides advanced threat detection, investigation, and response capabilities directly on endpoint devices, such as laptops, desktops, servers, and cloud workloads. There are four key advantages for CIOs in embracing an EDR solution.
Firstly, EDR equips IT teams with the ability to track system activity in real-time, offering comprehensive visibility into user behavior and configuration changes. This facilitates swift responses in the event of a suspected attack. Furthermore, EDR aids in identifying suspicious processes running on machines, crucial for detecting malicious activity that may elude traditional security tools.
Moreover, EDR is instrumental in detecting code injections and persistence attempts, providing IT teams with the means to isolate and remove threats promptly. Lastly, EDR monitors device connections to detect any communication with suspicious or malicious websites, enabling proactive measures to prevent data exfiltration.
By investing in EDR, organizations can transition from reactive defense to proactive control, equipping healthcare CIOs with the intelligence needed to fortify their security programs. In the wake of the CrowdStrike outage, it is imperative for healthcare CIOs to adapt and enhance their security protocols to mitigate the risk of similar incidents in the future.
