Cybersecurity company Crowdstrike experienced a major disruption Friday following the implementation of a software update. The problematic update let to a worldwide event that sent many businesses reeling. Medical services, financial services, payment processing, airlines and air travel, and more were all particularly hard hit. Planes were grounded, hospital systems shut down services, broadcast companies went off the air, and payment companies went offline.
CrowdStrike CEO George Kurtz said Friday’s incident was not related to cybersecurity and that the issue was due to a Falcon content update for Windows Hosts. He said the problem was identified and a solution has been deployed. He characterized the update as normal and part of the firm’s routine process to prevent security risks. However, he noted that a thorough investigation would need to be carried out to determine exactly what went wrong.
“We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption,” Kurtz stated. “We are working with all impacted customers to ensure that systems are back up and they can deliver the services their customers are counting on.” Kurtz stressed that Mac and Linux hosts are not affected.
One expert, Troy Hunt, labeled the ongoing global tech disruption as “the largest IT outage in history.”
Tom Lysemose Hansen, Chief Technology Officer at Norwegian cybersecurity company Promon, stated the fixes won’t be terribly simple. “Crowdstrike’s affected customers will have to effectively break into their own systems to get everything back online by logging into the admin console and booting their systems in safe mode.”
Over half of Fortune 500 companies and many government bodies such as the U.S. Cybersecurity and Infrastructure Security Agency, use the company’s software.
Below are some excerpts from articles appearing on cnbc.com illustrating the widespread impact of the Crowdstrike event…
- At CommonSpirit Health, which provides care across 150 hospitals in 24 states, employees noticed that many of the health systems’ desktop computers were displaying a blue error screen in the early hours of Friday morning. But though some computers remained operational, the compromised computers must be fixed manually, one by one.
- Electric vehicle maker Tesla temporarily halted production on lines at some of its manufacturing facilities on Friday after an unprecedented IT outage impacted global operations due to system issues at cybersecurity firm CrowdStrike.
- Nearly 4% of all scheduled flights around the world have been cancelled due to the disruption, according to new data from the aviation analytics firm Cirium on Friday. The firm said 4,295 flights had been cancelled as of 12 p.m. ET
- Drugmaker Amgen, a CrowdStrike customer, said Friday it is assessing the impact of the global outage and working to recover affected systems “as quickly as possible.”
- The health-care software vendor Epic Systems, which houses more than 305 million patient medical records, said the outage has caused technical issues that are preventing some health-care organizations from using its systems.
- United Airlines’ ground stop has been lifted for all airports, according to an Air Traffic Control System Command Center advisory. Earlier Friday, the airline had resumed some flights but told CNBC it expected “schedule disruptions to continue throughout Friday.”
- England’s National Health Service on Friday said the global outage has impacted its system for booking doctors’ appointments and managing patient records, which is disrupting the majority of general practitioner practices.
- Secretary of Transportation Pete Buttigieg said Friday on CNBC’s “Squawk on the Street” that he expects the transportation delays to be smoothed out and “resembling normal” by Saturday.
- Nearly 28,000 flights had been delayed globally as of about 11 a.m. ET Friday, with roughly 4,700 of those delays within, into or out of the United States, according to FlightAware data. More than 2,950 flights have been cancelled, with almost 1,800 of them U.S. flights.
- Charles Schwab, which operates trading services including Think or Swim, said in a Friday X post that “certain online functionality may be intermittently slow or unavailable.”
- Railroad Union Pacific is seeing “varying levels of impact” across its network, the company told CNBC in a statement.
- FedEx said it’s experiencing “substantial disruptions” due to the global tech outage.
- UPS also said there may be service delays, as it works to resolve all issues. The software outage is impacting some UPS computer systems in the U.S. and Europe, but the company’s airline and driver delivery systems are still operating effectively, according to the statement.
- Amazon’s cloud computing service alerted its customers to some “connectivity issues and reboots” that may be experienced as a result of the CrowdStrike outage.
- The Mount Sinai Health System in New York City said Friday that it has “identified and isolated” systems that have been affected by the disruption.
- The University of Miami Health System, which operates several hospitals in South Florida, on Friday said it is experiencing “connectivity issues across various applications,” including its electronic medical record system.
- UVA Health, a health system associated with the University of Virginia in Charlottesville, said in a statement Friday that it is operating on a “modified schedule” due to the global outage. Most ambulatory clinics will be closed.
- Penn Medicine in Pennsylvania said it may have to cancel and reschedule appointments in some locations because of the outage, according to an alert on its website.
- American Airlines said it has resumed operations after the Microsoft outage, though disruptions have continued for many airline passengers on Friday.
- Two German hospitals on Friday canceled elective procedures and closed their outpatient units due to the global IT outage impacting businesses around the world.
- Britain’s National Health Service said it is experiencing disruptions in the majority of general practitioners offices as a result of the ongoing IT outage and an issue with an appointment and patient record system.
- CBBC, the children’s television channel of U.K. public service broadcaster the BBC, was still offline at 10:11 a.m. in London (5:11 a.m. ET).
- German insurer Allianz said its services have been impacted by the IT outage that has been enveloping businesses worldwide and is working to minimize the effect on customers and operations.
- Television channel Sky News was temporarily unable to broadcast live this morning, citing a “global technical issue.”
- The Dutch arm of Air France-KLM said Friday it has been forced to suspend “most” of its operation due to a global computer outage.
- London Stock Exchange Group on Friday said it is investigating technical issues after it was hit by a global IT outage affecting its pricing data and news communications.
- Several major U.K. companies were also impacted by Friday’s IT outage, with food retailer Waitrose temporarily halting contactless payments.
- German security institutions are working with international partners to resolve an IT outage that has affected air travel, banking and several companies, German Chancellor Olaf Scholz said Friday, according to Reuters.
Software update problems likely due to lack of quality checks.
Security experts are now saying CrowdStrike’s routine update of its cybersecurity software apparently did not undergo adequate quality checks before deployment. The latest version of its Falcon Sensor software was meant to make CrowdStrike clients’ systems more secure against hacking by updating the threats it defends against, but apparently faulty code in the update files resulted instead in the historic.