Number of NHS IT systems hit by CrowdStrike outage grows • The Register

A UK hospital is battling what it is calling a critical incident as the ongoing global IT outage caused by a CrowdStrike update is impacting its Varian system.

Varian Medical Systems is responsible for delivering radiotherapy treatments to cancer patients and due to the global outage, treatments were briefly canceled this morning.

An update posted at 1045 UTC said that radiotherapy services were restored and that afternoon appointments would go ahead as planned, but warned further disruption may continue into next week.

“We are now able to deliver radiotherapy services and this afternoon’s appointments will take place as scheduled,” the statement reads.

“However, there is still some disruption to the radiotherapy system that may affect appointments running into next week. Please continue to attend your appointment unless you are contacted directly.”

The Varian system is the second relied upon by NHS healthcare centers to be affected by the issues caused by the update at CrowdStrike. The first system is EMIS, meaning the outage has also disrupted systems at the majority of UK general practitioners’ centers.

The full scale of Varian’s disruption isn’t yet known, although The Register has requested further information from the company and will update the story if it responds.

According to a statement from NHS Supply Chain, the UK health service’s logistics arm, the NHS spent £130 million ($168 million at today’s exchange rate) on new radiotherapy equipment across 38 cancer treatment centers in 2019. This money was spent on equipment from various vendors, including Varian.

Since then, various NHS Trusts across the UK have publicized their use of Varian kit. These include Barking, Havering, and Redbridge University Hospitals, East and North Hertfordshire NHS Trust, and the Beatson West of Scotland Cancer Centre (part of the NHS).

We’ve been in touch with healthcare specialists who all confirmed they’re still using Varian systems but said supervisors are currently liaising with all hospital departments to determine the full extent of the impact.

The crisis in brief

The current global IT outage is widely predicted to be the most severe in history. It has all come from a dodgy file (C-00000291*.sys) which is delivered via channel file updates in CrowdStrike Falcon.

“The .sys files causing the issue are channel update files, they cause the top-level CS driver to crash as they’re invalidly formatted,” security expert Kevin Beaumont said.

“It’s unclear how/why CrowdStrike delivered the files and I’d pause all CrowdStrike updates temporarily until they can explain.

“This is going to turn out to be the biggest cyber incident ever in terms of impact, just a spoiler, as recovery is so difficult.”

Everything from airlines to GP services is down, the full list of which can be found in our earlier coverage of the crisis.

CrowdStrike said the incident is not malicious in nature – it’s not a cyberattack.

The outage is still in its early hours, although the content update has been stopped, so the faulty file should cause no new BSODs.

The impact on healthcare comes at a sensitive time in the UK, the capital city of which is still wrestling with the fallout of a serious ransomware attack. The consequences of the hit on Synnovis led to the most atrocious stories being told.

Medical professionals also appear to be blindsided by the issues, relying on limited information only. This reporter visited his local GP-attached pharmacy in the hours after the incident today and the staff were shocked when they heard the full picture.

The pharmacy could not process electronic prescriptions made after the outage took hold, but those issued before could still be fulfilled. ®