A Year After The Outage For Healthcare CIOs

Forbes

4 days ago

This photograph shows screens displaying the logo of "CrowdStrike" cybersecurity technology company ... More in Paris on July 19, 2024, AFP via Getty Images
A JAMA study examined the impact of last year's CrowdStrike outage by surveying 2,232 hospitals and found that more than a third experienced significant system downtimes caused by a faulty cybersecurity update from the vendor. The outage disabled lab systems, disrupted scheduling tools, and cut off access to electronic health records in hundreds of hospitals. CIOs faced more than just disruption; the crisis forced them to rethink how they manage automatic system updates.
Over the past year, CrowdStrike has focused its product development on two key areas that matter most to CIOs.
CrowdStrike enhanced system safety and self-recovery by developing sensors for Windows and macOS to detect update failures, automatically enter safe mode, or activate CrowdStrike's remediation toolkit to restore operations without manual intervention.
Second, CrowdStrike redesigned its update control system, allowing organizations to decide exactly when and how to deploy sensor and content updates.
The new content control capabilities enable customers to manage updates with greater flexibility through host group policies, allowing them to set different deployment schedules for test systems, workstations, and mission-critical infrastructure.
CrowdStrike also launched content pinning, a feature that lets customers lock their systems to specific content versions. This gives them precise control over when and how they deploy updates. Content pinning reinforces the CIO's responsibility to establish strict IT change management policies before rolling out any updates or modifications.
Healthcare CIOs should continue investing in security EDR solutions, as these tools extend beyond traditional antivirus. EDR delivers advanced threat detection, investigation, and response capabilities directly on endpoint devices, including laptops, desktops, servers, and cloud workloads. Below are four advantages for CIOs in investing in an EDR.
One advantage of EDR is its ability to answer a critical question during a suspected attack: What happened on this machine ? EDR tools actively monitor system activity in real-time and log everything, from user behavior to configuration changes. When a threat appears, IT teams can trace every action, such as a user downloading a suspicious file or running an unauthorized script. The visibility allows the IT and security team to respond quickly.
EDR also reveals what processes ran on a machine, which is essential for identifying suspicious activity. Processes are programs or services that run in the background, and attackers often rely on legitimate-looking ones to conceal malicious actions. By monitoring and logging every process, EDR helps IT identify unusual behavior, such as a text editor attempting to access system files or a browser launching unknown scripts, that traditional tools might overlook.
A third benefit is detecting whether any code injection or persistence attempt has occurred. Code injection occurs when an attacker inserts malicious code into a trusted application to gain control. Persistence refers to techniques that prevent malware from being removed from a system even after a reboot. EDR tools flag these behaviors in real-time, giving IT a chance to isolate and remove threats before they can take hold.
Finally, EDR tracks what domains were contacted by the device. If a machine starts talking to a suspicious or known malicious website, EDR tools immediately log and alert on that connection. This helps the security and IT team ensure data isn't being exfiltrated and gives their teams a clear picture of the attack's scope and origin.
EDR equips organizations with the intelligence they need to transition from reactive defense to proactive control, and healthcare CIOs must determine how to make that investment. We have just passed the one-year mark since the CrowdStrike outage, and hopefully, healthcare CIOs have made some adjustments to their security programs to minimize any future similar outages.