More than 750 U.S. hospitals experienced technology disruptions tied to the July 2024 CrowdStrike software failure, with nearly one in five outages affecting systems used directly in patient care, according to a study published July 19 in JAMA Network Open.
The analysis, led by researchers at the University of California San Diego, is among the first to quantify the impact of the global IT failure on healthcare delivery. The team used internet scanning techniques to monitor digital signals from hospitals using the Epic EHR platform before, during and after the software outage.
The July 19, 2024, incident began when CrowdStrike released a faulty update to its Falcon cybersecurity software, which caused widespread crashes in computers running certain versions of Windows. The malfunction affected industries worldwide, including hospitals, airlines, banks and government systems.
Here are five key findings from the study:
- In healthcare, the study found that 759 of 2,232 hospitals with available data—about 34%—lost responsiveness in at least one internet-connected service.
- A total of 1,098 individual service outages were documented, with 239 (21.8%) linked to direct patient care functions, including access to health records, imaging platforms and patient portals.
- The median downtime for hospitals during the event was about five hours, though some outages lasted more than 48 hours. Among the patient-facing services disrupted were systems used for fetal monitoring, radiology image viewing and secure document transfer between facilities.
- Another 15.4% of outages affected operationally critical systems such as staff scheduling and billing, while 5.3% impacted research systems. The remainder—more than half—could not be classified or were deemed unrelated to clinical operations.
- The study did not evaluate patient harm or clinical outcomes, but the authors emphasized the importance of monitoring hospital digital infrastructure.
“It’s shocking that organizations like JAMA and UCSD would publish junk science of this nature. The researchers made no effort to validate whether systems were running the Windows OS or even had CrowdStrike installed, and failed to account for an unrelated Azure outage occurring during the same time frame,” a CrowdStrike spokesperson told Becker’s in an emailed statement. “Drawing conclusions about downtime and patient impact without verifying the findings with any of the hospitals mentioned is completely irresponsible and scientifically indefensible. While we reject the methodology and conclusions of this report, we recognize the impact the incident had a year ago. As we’ve said from the start, we sincerely apologize to our customers and those affected and continue to focus on strengthening the resilience of our platform and the industry.”
