Labcorp Systems, Quest Diagnostics, Impacted by CrowdStrike-Related Outage
Healthcare operations, including clinical laboratory operations, have been impacted by the ongoing wave of outages provoked by a compromised software update to its Falcon antivirus solution from the Austin, Texas-based CrowdStrike cybersecurity services company.
A staff-written report by Reuters on July 19 included the following information about healthcare impacts, along with a long list of airlines, airports, financial services companies, and even media companies, impacted because of a bad software update.
The Reuters report listed three U.S. healthcare-related impacts specifically: “Quest Diagnostics (DGX.N), said its patient services and customer contact teams were operating with reduced capacity and patients might experience longer waiting and service times.” And “Laboratory service provider Labcorp (LH.N), said the outage was impacting some of its business systems, call center operations, and results delivery, including physician and patient portals.” It also noted that “Hospital operator Providence said it restored a key functionality allowing nurses, physicians, and caregivers to access patient records and perform clinical documentation, but other clinical applications and workstations were still impacted.”
As Healthcare Innovation’s David Raths reported on July 22, “The widespread outage was caused by a faulty software update by CrowdStrike last Friday that affected Windows-based computers, although many hospital systems were still experiencing scheduling delays and working through issues on Monday morning. In a blog post, Microsoft estimated the outage affected 8.5 million Windows devices. Microsoft notes that this number makes up less than 1 percent of all Windows machines.”
Per all that, Raths wrote that the U.S. Cybersecurity and Infrastructure Security Agency, CISA, “said it continues to work closely with CrowdStrike and other private sector and government partners to actively monitor any emerging malicious activity. It said that according to a CrowdStrike blog, threat actors have been distributing a malicious ZIP archive file. This activity appears to be targeting Latin America-based CrowdStrike customers.”
Further, Raths noted, “Some health systems were praising their IT teams profusely, including New Jersey’s largest integrated healthcare delivery system, RWJBarnabas Health, which noted that if not managed aggressively and effectively, the outage could have caused significant disruption to the health system. “While we continue to work through technical issues, normal operations have resumed across the system. The ingenuity and teamwork demonstrated by RWJBarnabas Health’s workforce was exemplary,” the health system posted on Twitter/X. “Led by the system’s Information Technology Department and Office of Emergency Management, their tireless efforts to resolve issues quickly and efficiently were critical in maintaining patient safety during a time of uncertainty.”
On July 19, Labcorp issued a “System advisory re the Crowdstrike computer outage,” stating that “Labcorp systems are currently impacted by the Crowdstrike computer outage affecting companies globally. This event is impacting certain Labcorp business systems, call center operations, and results delivery including physician and patient portals. We have been working to restore services as soon as possible. We will share more information once available,” the announcement stated.
And a report in the online publication Seeking Alpha noted that “Labcorp Holdings (NYSE:LH) and Quest Diagnostics (NYSE:DGX) were among some of the major publicly traded healthcare companies that acknowledged disruption from a global tech outage caused by a bug in CrowdStrike (CRWD) software on Friday.” That report noted that the delivery of results to physicians and patients was impacting Labcorp operations, while Quest Diagnostics more generally reported an impact with “our teams…operating with reduced capacity.”
The scope of the impact on healthcare has been major, wrote WIRED’s David Cox on July 19. “Hospitals in Canada, Germany, and Israel announced issues with their digital services, while the 911 emergency service in some US states was reported to be down. A WIRED reporter found both Baylor hospital network, one of the largest nonprofit healthcare systems in the country, and Quest Diagnostics unable to process routine bloodwork. Donna Rossi, a spokesperson at the Phoenix Police Department, explained that while calls were still going through, the lack of working internet meant that officers had to be dispatched manually.”
Cox quoted a post to X from Dana Chandler, a nurse at GBMC Health Care in Maryland, who posted, “No phones, no computers, no safety nets. It’s an all-hands-on-deck kind of day. I hope our patients remain safe.”
“The impact is massive,” Andrew Rosenberg, M.D., an anesthesiologist and critical care physician at Michigan Medicine, told Cox. “It affects all aspects of modern digital health systems. Luckily, in units where the computers are running the whole time, like the ICUs and emergency departments, the computers didn’t take the CrowdStrike application upgrade, whereas in areas of healthcare which are more episodic, like operating rooms, the disruption is much greater.”
And, Rosenberg said, the biggest area of disruption has been “digital bottlenecks”—situations in which multiple information systems have to communicate with one another.
