Major Cyber Attacks that shaped 2024 | Black Hat Ethical Hacking



CrowdStrike Windows Outage

While ransomware crippled critical healthcare infrastructure, the CrowdStrike outage demonstrated how a single software failure could bring down global operations, revealing another layer of cyber risk.

In July 2024, a flawed content update from CrowdStrike, a leading cybersecurity software provider, caused the crash of over 8.5 million systems worldwide, impacting thousands of organizations, including hundreds of Fortune 1000 companies.

Dubbed the CrowdStrike glitch, the incident led to an estimated $5 billion in losses globally, with insurers facing around $1.5 billion in payouts under business interruption, cyber, and system failure coverages. One of the most notable cases was Delta Air Lines, which saw 7,000 flights disrupted and 1.3 million passengers inconvenienced over five days, resulting in a reported loss of $500 million. In response, Delta filed a lawsuit against CrowdStrike, accusing the company of issuing untested updates that caused catastrophic outages. CrowdStrike acknowledged the faulty update but argued that Delta’s claims were exaggerated and blamed the airline’s outdated IT infrastructure for its prolonged recovery.

 

Multiple blue screens of death caused by a faulty software update on baggage carousels at LaGuardia Airport, New York City - source: wikipedia.com

 

The event exposed significant gaps in cyber risk management and the growing systemic risks of aggregated cyber dependencies. It exposed vulnerabilities in supply chain cybersecurity, as many organizations were unprepared for the cascading failures caused by a single point of failure. The CrowdStrike outage underscored the fragmentation of the cybersecurity market, the challenge of assessing cyber risk concentrations, and the insufficiency of cyber insurance models in addressing rapidly evolving threats. With emerging technologies such as AI, quantum computing, and cloud computing introducing new risks, the incident served as a wake-up call for businesses to adopt more comprehensive cyber risk assessments and strengthen their incident response capabilities.

 

NHS Cancels Operations Following Ransomware Incident

Qilin released 394.1 GB of what's claimed to be Synnovis data on June 21 on their Telegram channel.

 

In June 2024, Synnovis, a critical laboratory services provider for the NHS in South East London, fell victim to a ransomware attack orchestrated by the Russian-speaking Qilin group. The attack, which began on June 3, caused widespread disruption to pathology services at major hospitals, including Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust. These hospitals declared a critical incident on June 4 as essential services like blood transfusions, swab analysis, and diagnostic tests were significantly impacted. Healthcare staff were forced to revert to manual, paper-based methods, slowing down critical processes and delaying care for many patients. In the first week alone, over 800 planned operations and 700 outpatient appointments were rescheduled. On June 10, an urgent appeal for O blood-type donors was issued, as the hospitals struggled to efficiently match blood for transfusions.

The situation escalated when, on June 21, Qilin published nearly 400GB of stolen patient data on the dark web and Telegram. The leaked information included patient names, NHS numbers, and detailed descriptions of blood tests, along with confidential business records outlining agreements between NHS hospitals and Synnovis. Qilin claimed the attack was a retaliatory response to the UK government’s involvement in an unspecified war, though this motive was met with skepticism by cybersecurity experts. NHS England, supported by the National Cyber Security Centre (NCSC), confirmed the authenticity of the data breach and warned affected individuals of potential identity misuse. By June 27, the number of postponed medical activities had surged to over 1,000 canceled operations and 3,000 outpatient appointments.

After months of disruption, NHS England announced on October 11, 2024, that all pathology and blood testing services had returned to normal operations. Despite the restoration of services, the attack revealed critical weaknesses in NHS supply chain security, demonstrating how third-party compromises can disrupt essential medical services. The attackers used a double extortion tactic, stealing and publishing sensitive data to increase ransom pressure. NHS England’s response, which included activating business continuity protocols and enhancing collaboration with the NCSC, provided a foundation for recovery.

