Recent events in the tech world have unveiled specific vulnerabilities that can have far-reaching impacts across industries. The Crowdstrike outage, for instance, sent ripples of system crashes and downtime across various sectors, emphasizing the importance of asking the right questions and having a robust recovery plan in place.
A recent article in TechTarget dives into the Crowdstrike outage, highlighting key considerations to mitigate the impact from similar outages in the future. Today, we’re recapping Tech Target’s article and discussing key considerations regarding your vendors.
The Crowdstrike Outage: Causes & Impact
The widely used Falcon platform of Crowdstrike experienced a flawed software update, which led to an error that affected its sensor version 7.11 and above. The error in the update logic triggered a system crash and, infamously, the blue screen of death. Major players in the healthcare, finance, and various other industries felt the impact of this outage.
The Recovery
The software error affected approximately 8.5 million Windows devices, which were responsible for running crucial functions in industries such as airlines, public transit, healthcare, finance, and media broadcasting. Despite Crowdstrike deploying a fix in just over an hour, the damage was extensive, and recovery is ongoing for some organizations.
Key Considerations Regarding Your Vendor
In light of these events, the Tech Target article discusses several key questions that organizations should ask their vendors to ensure they are equipped for any potential outages.
1. When can vendors initiate software changes?
Understanding this allows you to foresee any potential unexpected changes in production, therefore shedding light on the associated risks.
2. What about controlling, halting, or gating updates and changes?
This information helps to control when changes are released into sensitive or controlled environments, like production or industrial networks.
3. Can updates be staggered?
Staggering updates are highly encouraged. This helps mitigate risk, as the undesirable effect of an update would only impact a fraction of the systems.
4. When should a vendor be allowed access to operational environments?
Granting vendor access to environments for support, upgrades, issue resolution, and configuration is sometimes necessary, especially if the equipment is purpose-built and needs specialized attention.
5. What actions should be tracked and recorded?
Recording vendor access and actions helps in keeping them accountable and aids in investigations should there be any mishaps.
6. How can you be notified or alerted?
Establishing a clear channel of communication is key to staying updated about product changes and critical issues.
7. What are the potential hindrances when it comes to resuming normal operations?
Remaining aware of potential complexities in recovering from an outage can help in preparing a robust contingency plan.
8. What is critical for internal teams, and how critical is it?
Understanding what applications, processes, and systems are critical and who owns them informs the business continuity planning efforts.
9. Has an internal emergency communication channel been determined?
Having a clear internal communication strategy is paramount during outage-related issues.
10. Does your organization have a threat modeling process in place?
To manage risk, it’s helpful to have the attacker’s perspective of systems and software; creating a threat model helps develop risk control strategies.
dbtech’s EHR Downtime Solution Mitigates the Impact of Unexpected Outages
dbtech’s EHR Downtime Solution tailors a way for your healthcare facility to continue its operations smoothly and efficiently, even during unexpected downtimes. During these times, access to critical data is pivotal. Our solution ensures this and enables a timely and efficient electronic recovery process. It is compatible with industry-standard EHRs, including Epic, Cerner, and MEDITECH.
Contact dbtech to Learn More About Our EHR Downtime Solutions
To secure your operations from unexpected outages, reach out to dbtech for a demo. Numerous healthcare organizations trust our solutions to keep their operations running smoothly, even in the midst of uncertainty.