CrowdStrike effectively bricked windows, Mac and Linux today.
Windows machines won’t boot, and Mac and Linux work is abandoned because all their users are on twitter making memes.
Incredible work.
CrowdStrike effectively bricked windows, Mac and Linux today.
Windows machines won’t boot, and Mac and Linux work is abandoned because all their users are on twitter making memes.
Incredible work.
Imagine this happening during open heart surgery and all the monitors go blue!
Good lord I would hope critical surgical computers like that aren’t networked externally… Somehow I’m guessing I’m wrong.
Critical surgery computers may also be running under Windows LTSC, so they might not get the CrowdStrike patch. Maybe…Edit: So the issue is apparently caused by CrowdStrike. So, unless the surgery computers also use CrowdStrike then it would be fine. Unless, of course, if they use CrowdStrike on surgery computers…
Maybe not everywhere, but all of ours are air gapped.
I’d heard some hospitals were affected. They cancelled appointments and non-critical surgeries.
I’m guessing it was mostly their “behind the desk” computers that got affected, not the computers used to control the important stuff. The computers in patients’ rooms may have been affected as well, but (at least in the US) those are usually just used to record information about medicine given and other details about the patient, nothing critical that can’t be done manually.
Good News! Unless something has changed since I worked in healthcare IT, those systems are far too old to be impacted!
I’m half-joking. I don’t know what that kind of equipment runs, but I would guess something embedded. The nuke-med stuff was mostly linux and various lab analyzers were also something embedded though they interface with all sorts of things (which can very well be windows). Pharmaceutical dispensers ran various linux-like OS’s (though I couldn’t even tell you the names anymore). Some medical records stuff was also proprietary, but Windows was replacing most of it near the end of my time.
One place we had ran their keycard system all on a windows 3.1 box still. I don’t doubt some modern systems also are running on Windows which has interesting implications for getting into/out of places.
That said, a lot of that stuff doesn’t touch the outside internet at all unless someone has done something horribly wrong. Medical records systems often do, though (including for billing and insurance stuff).
Security through obsolescence the healthcare way!
Anecdotal, but my spouse was in surgery during the outage and it went fine, so I imagine they take precautions (like probably having a test machine for updates before they install anything on the real one, maybe)
There were no test rings for this one and it wasn’t a user controlled update. It was pushed by CS in a way that couldn’t be intercepted/tested/vetted by the consumer unless your device either doesn’t have CS installed or isn’t on an external network… or I suppose you could block CS connections at the firewall. 🤷♂️
Depending on the machine, I guess it’s likely that those aren’t using Windoofs at all. I would be surprised if there were devices in use during surgery who run on that.
Any critical devices should be airgapped while in service.