By Guy Page
Vermont impacts from Friday’s cyberservice outage include lost internet communication at Vermont’s hospital network and many state government offices, officials say.
Vermont Agency of Digital Services Deputy Director Denise Reilly-Hughes said her agency first got word of the Crowdstrike failure at about 6:30 AM, she said at a press conference Friday. About 10% of state departments and agencies within state government were affected.
By late morning Friday, about 25% of affected services had been restored. “We are prioritizing safety, security, flood response, and vulnerable Vermonters,” Reilly-Hughes said.
Among other adverse impacts, “Some folks couldn’t access email,” she said. Neither the 211 nor 911 hotlines were not impacted. As services were being restored, “we are prioritizing safety, security, flood response, and vulnerable Vermonters,” the state official said.
A statement issued Sunday night by the University of Vermont Health Network said its IT staff “continue to make progress restoring systems” – more than two days after the event.
“UVM Health Network teams continue to make progress restoring systems following the global CrowdStrike cybersecurity protection software outage. Network IT teams have worked hard to limit the impact on patient care,” said the statement on the hospital’s website. “Nearly all functions across the network have returned to normal, and patient care should not be impacted by the ongoing restoration work. Patients should arrive at appointments as scheduled tomorrow, and seek emergency care as needed.”
At the press conference, Gov. Scott was asked about how Vermont can prevent crippling cyber outages in the future.
“We as a nation have to learn from this experience as well,” Scott said. He said he sits on a governors’ conference advising the federal government on working with state governments on security and defense.
Back-ups are the key, Scott advised. ”Duplication, redundancy, not putting our eggs in one basket…..We have to make sure we have another process in place, so that we’re not affected across the board.”
Wikipedia published an account of the Crowdstrike event, published below verbatim:
On 19 July 2024, American cybersecurity company CrowdStrike distributed a faulty update to its security software that caused an estimated 8.5 million computers running Microsoft Windows to crash and left them unable to properly restart. This caused what has been called the largest outage in the history of information technology and “historic in scale”.
The outage disrupted businesses and governments around the world. Affected industries included airlines, airports, banks, hotels, hospitals, manufacturing, stock markets, broadcasting, and more. Governmental services, such as emergency services and websites, were also heavily affected. The worldwide financial damage has been estimated to be about US $10 billion.
Within hours, the error was discovered and a fix was released, but because many affected computers had to be fixed by hand, outages lingered on many services.