Worse Than a Cyber Attack: Why It Is Better to Be An Island

01 Aug
Image

Interconnected systems all fail together

On July 18th 2024, CrowdStrike, a cybersecurity company, released a software update that wasn’t fully vetted and contained errors. Crowdstrike’s primary business is anti-virus and intrusion detection software that needs to be installed at the kernel level on the machine’s it protects. “Kernel level” is a level that goes beyond/above “administrator” and has access to a system’s entire memory, drivers, process, etc. The error from Crowdstrike’s flawed update created unrecoverable errors at the “kernel level” in Windows computers, which caused them to crash and display the “blue screen of death”, or BSOD. Worse still, computers that employed further encryption, like BitLocker, were permanently locked forever; basically, turned into paperweights with all data lost.

Healthcare Systems Wish They Were Hacked Instead

The cascade of systems crashes reached millions of Windows’s systems worldwide. Everything from 911, to air traffic control, to utility companies, to computers owned by regular people were affected. Healthcare was hit hard as well, with major system crashes being reported by Epic, a major EHR system used by over 2000+ hospitals nationwide and containing the HIPAA data of over 305 million patients. The result was chaos at the facilities using Epic as systems crashed, surgeries were cancelled, patients were re-routed, and records were unreachable. In many ways, this is worse than being hacked because there is no way to recover from it. There is no way to recover the data, and there is no way forward without physically dissembling and reprogramming affected hardware.
Image
Image

Trusting Systems Will Never Be Immune

Trusting systems like Epic need A/V software like Crowdstrike because they interact with many different services/companies/equipment. Epic, which contains the HIPAA data of over 305 million patients, absolutely must have A/V and intrusion detection software built into it to safeguard all of this information. Epic cannot exist without this type of software, so it will always remain vulnerable to future outages of this type. Software like Epic relies on their vendors to produce quality work so their systems won’t crash, and when that fails, the result is what we saw with the Crowdstrike outage.

CaseTrak360 Is an Island That Doesn’t Rely on Third Party Vendors for Security

CaseTrak360 is completely independent and takes a “walled garden” approach to security. Each instance runs in its own separate cloud on AWS with end-to-end encryption from the server to the client and with encryption installed on its database. Access is completely restricted from anywhere except whitelisted IP addresses from the facilities that run it, and detailed backups are taken every day. Furthermore, CaseTrak360 does not store HIPAA data or interact with any other system, service, or equipment. Therefore, it is not vulnerable to attack and does not rely on Crowdstrike for security. It was not affected by the outage. Customers running CaseTrak360 would have been able to continue their operations as if nothing had happened; assuming they had computers that were not affected by the outage. Security in healthcare is not something to take lightly, and we don’t; time and time again, we see how much it pays to be an island.
Image
Case Medical has developed the smartest container and the most intuitive instrument tracking program. Together they are integral pillars of our 360 degree approach to instrument processing. They can help your facility transition away from paper, while improving SPD efficiency and OR utilization. Reach out to us at info@casemed.com to schedule a demo with us today.

Search

Subscribe To Our Newsletter
Select your category:
Copyright © 2015-2020 Case Medical.
All Rights Reserved.