CrowdStrike incident prompts CIOs to reassess cybersecurity

The recent CrowdStrike software update outage has caused significant disruption to healthcare organizations worldwide. This urgent situation highlights the need for healthcare CIOs and CISOs to immediately re-evaluate their cybersecurity strategies, as the impact of this incident is far-reaching and requires immediate attention.

Can we easily roll back?

Healthcare CIOs are being urged to rethink their rollback plan for system updates to better prepare for potential disruptions. The recent CrowdStrike incident has highlighted the need for a more efficient and streamlined process to restore a previous stable state, which is critical to minimizing downtime and ensuring continuity of patient care and data integrity.

In this incident, rollback is challenging because it requires a manual process. Although a software fix is now available, implementing it requires significant effort. Specific steps must be completed on each affected machine; no automated service can handle this task. Large organizations can take a long time to recover because IT staff must manually handle each device.

Despite the challenges presented by the CrowdStrike incident, it remains imperative for every organization to fully embrace infrastructure automation. Automated systems that can reduce human error and ensure consistent delivery are a powerful tool for maintaining operational stability across the healthcare organization, and their adoption should be a priority.

Healthcare organizations must not use this incident as an excuse to return to outdated IT security management practices, such as not leveraging automatic updates and other cloud product offerings. Instead, CIOs should rethink their approach to automatic updates for all products. Although patches delivered as automatic updates are standard in current IT processes, implementing a semi-automated process with local quality assurance before full deployment can be beneficial. This approach ensures the reliability of updates while maintaining the efficiency of automated systems.

CIOs must take the lead in managing downtime and turning it into operational exercises that involve the entire organization, not just IT. Regularly updating and practicing downtime and response plans will ensure that the organization is prepared for major outages and can effectively implement its training when needed. By leading these efforts, CIOs can work with senior management to create robust contingency plans and communication protocols and develop and regularly update an organizational outage response plan. This preparation includes detailing the recovery procedures needed to efficiently restore systems and operations.

In summary, CIOs typically allow only some technology packages to update automatically, but they trust CrowdStrike. This scenario is concerning because CrowdStrike’s last update included a kernel-level change. The problem is that CrowdStrike and its agents have kernel access to nearly all major systems and endpoints worldwide that run Windows, especially in healthcare, government, financial institutions, and critical infrastructure.