Resilience in the Face of Disruption: Viewpoint on the CrowdStrike Incident in July 2024.

IF 3.8 3区医学 Q2 MEDICAL INFORMATICS

JMIR Medical Informatics Pub Date : 2025-09-02 DOI:10.2196/69958

Christopher R Dennis, Christopher S Evans, Kathleen Duckworth, Misty McLawhorn Skinner, John Hanna, Tanya Thompson, Donette Herring, Richard J Medford

{"title":"Resilience in the Face of Disruption: Viewpoint on the CrowdStrike Incident in July 2024.","authors":"Christopher R Dennis, Christopher S Evans, Kathleen Duckworth, Misty McLawhorn Skinner, John Hanna, Tanya Thompson, Donette Herring, Richard J Medford","doi":"10.2196/69958","DOIUrl":null,"url":null,"abstract":"<p><strong>Unlabelled: </strong>In an era where health care is increasingly dependent on digital infrastructure, the resilience of health IT systems has become a cornerstone of patient safety and operational continuity. As cyber threats grow in frequency and sophistication, health care organizations have turned to advanced cybersecurity tools to safeguard their systems. Yet even the most robust defenses can falter. On July 19, 2024, a routine update from a widely used cybersecurity platform triggered a widespread IT disruption. A flawed sensor configuration led to 8647 \"blue screen of death\" (BSOD) events, with 729 devices requiring manual remediation. What unfolded was not just a technical crisis but a test of organizational agility, collaboration, and resilience. This viewpoint traces the response to that disruption, highlighting the pivotal role of clinical informaticists and the coordinated efforts that enabled a rapid recovery. From the formation of an incident response team to the triage and mitigation of impacted systems, the response was swift and strategic. Clinical informaticists emerged as key players, bridging the gap between technical teams and frontline care providers. They identified workflow disruptions, facilitated communication, and ensured that patient care remained as uninterrupted as possible. Despite the scale of the outage, operations continued with minimal disruption-thanks to early recognition, decisive action, and cross-disciplinary collaboration. This incident underscored the importance of a well-practiced response plan, clear communication channels, and the integration of clinical expertise in technical recovery efforts. As we reflect on this event, several lessons emerge: the need for continuous refinement of incident response strategies, the value of regular training exercises, and the critical role of clinical informatics in navigating digital crises. This paper calls for a renewed commitment to building resilient health IT ecosystems-ones that can withstand disruption and continue to support the delivery of safe, effective care.</p>","PeriodicalId":56334,"journal":{"name":"JMIR Medical Informatics","volume":"13 ","pages":"e69958"},"PeriodicalIF":3.8000,"publicationDate":"2025-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC12404578/pdf/","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"JMIR Medical Informatics","FirstCategoryId":"3","ListUrlMain":"https://doi.org/10.2196/69958","RegionNum":3,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"MEDICAL INFORMATICS","Score":null,"Total":0}

引用次数: 0

Abstract

Unlabelled: In an era where health care is increasingly dependent on digital infrastructure, the resilience of health IT systems has become a cornerstone of patient safety and operational continuity. As cyber threats grow in frequency and sophistication, health care organizations have turned to advanced cybersecurity tools to safeguard their systems. Yet even the most robust defenses can falter. On July 19, 2024, a routine update from a widely used cybersecurity platform triggered a widespread IT disruption. A flawed sensor configuration led to 8647 "blue screen of death" (BSOD) events, with 729 devices requiring manual remediation. What unfolded was not just a technical crisis but a test of organizational agility, collaboration, and resilience. This viewpoint traces the response to that disruption, highlighting the pivotal role of clinical informaticists and the coordinated efforts that enabled a rapid recovery. From the formation of an incident response team to the triage and mitigation of impacted systems, the response was swift and strategic. Clinical informaticists emerged as key players, bridging the gap between technical teams and frontline care providers. They identified workflow disruptions, facilitated communication, and ensured that patient care remained as uninterrupted as possible. Despite the scale of the outage, operations continued with minimal disruption-thanks to early recognition, decisive action, and cross-disciplinary collaboration. This incident underscored the importance of a well-practiced response plan, clear communication channels, and the integration of clinical expertise in technical recovery efforts. As we reflect on this event, several lessons emerge: the need for continuous refinement of incident response strategies, the value of regular training exercises, and the critical role of clinical informatics in navigating digital crises. This paper calls for a renewed commitment to building resilient health IT ecosystems-ones that can withstand disruption and continue to support the delivery of safe, effective care.

Abstract Image

查看原文本刊更多论文

面对颠覆的弹性：对2024年7月CrowdStrike事件的看法。

未标记：在医疗保健日益依赖数字基础设施的时代，医疗IT系统的弹性已成为患者安全和运营连续性的基石。随着网络威胁越来越频繁和复杂，医疗机构已经转向先进的网络安全工具来保护他们的系统。然而，即使是最坚固的防御也会动摇。2024年7月19日，一个广泛使用的网络安全平台的例行更新引发了大范围的IT中断。有缺陷的传感器配置导致8647个“蓝屏死机”（BSOD）事件，其中729个设备需要手动修复。这不仅仅是一场技术危机，也是对组织敏捷性、协作性和弹性的考验。这一观点追溯了对这一中断的反应，强调了临床信息学家的关键作用和使快速恢复成为可能的协调努力。从事件响应小组的组建到受影响系统的分类和缓解，响应是迅速而战略性的。临床信息学家成为关键角色，弥合了技术团队和一线护理提供者之间的差距。他们确定了工作流程中断，促进了沟通，并确保患者护理尽可能不间断。尽管停电规模很大，但由于及早发现、果断行动和跨学科合作，运营在最小程度上受到了干扰。这一事件突出表明，在技术恢复工作中必须有一个实践良好的应对计划、明确的沟通渠道和临床专业知识的整合。当我们反思这一事件时，我们得到了一些教训：需要不断完善事件响应策略，定期培训演习的价值，以及临床信息学在应对数字危机中的关键作用。本文呼吁重新致力于建立有弹性的医疗IT生态系统，即能够承受破坏并继续支持提供安全、有效的医疗服务的生态系统。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

JMIR Medical Informatics Medicine-Health Informatics

CiteScore

7.90

自引率

3.10%

发文量

173

审稿时长

12 weeks

期刊介绍： JMIR Medical Informatics (JMI, ISSN 2291-9694) is a top-rated, tier A journal which focuses on clinical informatics, big data in health and health care, decision support for health professionals, electronic health records, ehealth infrastructures and implementation. It has a focus on applied, translational research, with a broad readership including clinicians, CIOs, engineers, industry and health informatics professionals. Published by JMIR Publications, publisher of the Journal of Medical Internet Research (JMIR), the leading eHealth/mHealth journal (Impact Factor 2016: 5.175), JMIR Med Inform has a slightly different scope (emphasizing more on applications for clinicians and health professionals rather than consumers/citizens, which is the focus of JMIR), publishes even faster, and also allows papers which are more technical or more formative than what would be published in the Journal of Medical Internet Research.