Over 750 hospitals suffered disruptions from 2024 CrowdStrike event

Updated July 24, 2025, with CrowdStrike’s statement.

Just over one year ago, a simple mistake during a routine software update plunged more than 8.5 million Windows-based IT systems into darkness. The error from CrowdStrike, a cybersecurity company whose products are used to detect and respond to security threats, prevented computers from rebooting for several hours, with many of the systems requiring additional manual fixes that resulted in even longer downtime.   

The estimated financial toll? Anywhere between $5 billion and $10 billion for Fortune 500 companies – and close to $2 billion for the healthcare industry specifically. 

Now, a new report shows that the negative impacts to healthcare organizations have ranged far beyond the financial. Published in JAMA Network Open, a study from the University of California San Diego indicates that a large proportion of US hospitals experienced measurable disruptions from the event, including technical difficulties that affected basic operations, research activities, and direct delivery of patient care. 

The researchers found that immediately following the CrowdStrike update on July 19, a total of 759 hospitals (out of the 2232 with available data) experienced a detectable service disruption.  That’s more than a third of healthcare organizations. 

Of a total of 1098 service outages within those organizations, 21.8% were found to be patient-facing with direct impacts on patient care. Just over 15% were relevant to health system operations, and 5.3% affected research activities. The remaining 57% were not classified as not relevant or were unknown.  

“Patient-facing services spanned imaging platforms, prehospital medicine health record systems, patient transfer portals, access to secure documentation, and staff portals for viewing patient details,” the team explained. “In addition to staff portals, we saw outages in patient access platforms across diverse hospital systems; these platforms, when operating as usual, allow patients to schedule appointments, contact health care practitioners, access laboratory results, and refill prescriptions.” 

Some hospitals also saw downtime on patient monitoring systems, such as fetal monitors and cardiac telemetry devices, as well as laboratory information systems (LIS) and behavioral health applications.    

The outages categorized as irrelevant or unknown largely affected software in development or pre-deployment phases, informational pages, education resources for medical and nursing students, or donation pages for institutions. 

Most hospital services recovered within 6 hours, although 3.9% of hospitals experienced outages that lasted more than 48 hours. Hospitals in New Jersey, Maryland, and South Carolina were the most likely to have outages that went unresolved for more than two full days. Organizations in the Southern US, including Tennessee, North Carolina, Louisiana, Alabama, Texas, and Florida, were among the fastest to recover, with most surveyed hospitals in those regions back online within 6 hours.  

The event highlighted the incredibly fragility of the modern, hyperconnected healthcare ecosystem while providing a sobering reminder that human error is, and will always remain, a major threat to even the most robust-seeming systems. 

While it acknowledged and apologized to its customers and others affected by the disruption, and assured it is focused on strengthening its platform’s resilience, CrowdStrike took issue with the UCSD research methodologies and findings.

In a statement sent to DHI and attributed to an unnamed CrowdStrike spokesperson, the firm blasted JAMA and UCSD for what it called “junk science”:  “The researchers made no effort to validate whether systems were running the Windows OS or even had CrowdStrike installed, and failed to account for an unrelated Azure outage occurring during the same time frame. Drawing conclusions about downtime and patient impact without verifying the findings with any of the hospitals mentioned is completely irresponsible and scientifically indefensible.”

While CrowdStrike asserts that it has made significant changes to its processes to prevent a repeat of the disaster in the future, there are dozens of other platforms and solutions that have equally broad reaches across the healthcare industry (Change Healthcare, anyone?) and may be vulnerable to similar catastrophic consequences should a human (or improperly supervised AI agent) make a misstep.   

It may not be possible for healthcare leaders to anticipate every single eventuality involving all of their health IT infrastructure, but they can prepare for potential problems by developing a clear and up-to-date understanding of how their information solutions are connected to one another and how far an outage’s ripple effects might spread through the enterprise. 

In a recent CHIME Innovation Summit in Virginia, Inova Health CIDO Matt Kull stressed the importance of recovery, which applies to cyber and technical disruption events. “All of the blocking and tackling is important, but it doesn’t matter if you can’t recover once an attack occurs,” he advised (Summit Summary Report).

Having a plan for backups and redundancies, especially for critical patient-facing and operational systems, will be essential for recovering quickly from an outage without incurring damage to the organization or its patients.  

Jennifer Bresnick is a journalist and freelance content creator with a decade of experience in the health IT industry.  Her work has focused on leveraging innovative technology tools to create value, improve health equity, and achieve the promises of the learning health system.  She can be reached at [email protected].