Three Things to Consider After the Global CrowdStrike Event

Aug 15, 2024

Mike Bragg | Systems + Technology

“Happy Friday” was our team’s phrase of the day after early AM messages alerted us to multiple system issues. As a PACS (Picture Archiving and Communication Systems) provider, any outage impacts patient care and immediately becomes an emergent issue. We quickly discovered several of our Windows systems had halted at the Blue Screen of Death (BSOD). This isn’t exactly what we were hoping to wake up to on Friday, July 19th, but here we were. After a couple of hours and a few thoughts of performing our best imitation of Peter Gibbons in *Office Space* with a Louisville Slugger, we had our production environment recovered.

The recent CrowdStrike event was a wake-up call for all of us—proof that no one’s invincible in the world of cybersecurity, especially within healthcare IT systems like PACS, RIS (Radiology Information Systems), EMR (Electronic Medical Records) and VNAs (Vendor Neutral Archives). These systems are critical for managing and storing medical imaging data, and at any time, there could be a nasty surprise – like the “PC Load Letter” error message – just queued up to ruin your day. But instead of panicking, let’s use this as an opportunity to fortify our defenses, particularly in the context of PACS and healthcare IT.

Here are three things you should focus on now: 

1) Incident Analysis and Reporting
After any major security hiccup, it’s time to play detective. The first thing you should do is dig into the details of what went down. Understand the how, what, and why behind the incident, especially if it involves critical systems like your PACS. 

  • Root Cause Analysis: Start with a thorough root cause analysis. This means getting into the nitty-gritty—checking logs, network traffic, and system behaviors within your PACS and broader medical imaging environment to figure out exactly what went wrong and how. Identifying the vulnerabilities that were exploited is key to preventing a repeat performance. 
  • Detailed Reporting: Once you’ve got the facts, document everything in a detailed incident report. This should include timelines, which systems were affected, the nature of the incident, and the steps you took to contain and fix the problem. Sharing this report with key stakeholders isn’t just about transparency; it’s about ensuring everyone’s on the same page for next time.

2) Enhancing Incident Response, Business Continuity, and Disaster Recovery
A robust Incident Response (IR) plan tailored to healthcare IT is crucial. When systems like PACS, RIS, EMR, and VNAs are compromised, it’s not just about fixing the issue—it’s about ensuring uninterrupted access to critical imaging data. 

  • IR Plan Review: Ensure your IR plan includes specific procedures for system-related incidents, with clear roles for everyone involved in maintaining medical imaging operations.
  • Business Continuity Planning: Continuity is key in healthcare. Your plan should ensure that your primary production systems such as PACS, RIS, EMR, and VNAs remain operational or can be quickly restored, minimizing any impact on patient care. This means having redundant systems, off-site backups, and clear recovery strategies. 
  • DR Plan Review: Disaster Recovery (DR) plans are another essential part of the puzzle. Ensure your DR plan is up-to-date, with reliable restore mechanisms that you regularly test for integrity, particularly for PACS and other critical systems. You want to be sure that when disaster strikes, you can bounce back quickly.

3) Building a Future-Resilient Healthcare IT Infrastructure
To safeguard your healthcare IT systems, including PACS, it’s important to think beyond immediate fixes and focus on long-term resilience. 

  • Regular Audits and Assessments: Conducting regular security audits and assessments, both internal and external, helps you stay ahead of potential vulnerabilities. These checks ensure that your healthcare IT infrastructure remains secure and compliant with regulations.
      • Internal Audits: Regular internal security audits help you evaluate the effectiveness of your current controls and highlight areas for improvement, particularly in your PACS and medical imaging workflows.
      • External Assessments: Bringing in third-party experts to perform security assessments and penetration testing provides an unbiased look at your security posture. They can uncover gaps you might have missed and suggest improvements.
  • Identify Key Redundancies: Lastly, make sure your critical systems and data have redundancies in place, particularly in your PACS and medical imaging infrastructure. Regularly review and test these redundancies—whether it’s data backups, hardware, or network systems—so you know they’ll hold up under pressure. 

 

In conclusion, the CrowdStrike event serves as a reminder that security is never a one-and-done task, especially in healthcare IT systems like PACS. By analyzing what went wrong, refining your response plans, and building a more resilient infrastructure, you can stay one step ahead of future challenges in the medical imaging space. 

 
