In the labor and delivery department at Kaiser Permanente San Jose Medical Center in California on Thursday, a baby had just been born around 9 p.m. Registered nurse Kim Brown was coming to the end of her shift.
“After what's called the golden hour, where baby and mom get to bond and do their skin-to-skin time, we have a set of normal newborn medications that we give all of our babies,” Brown said.
Just as that baby was getting these medications, like antibiotic eye ointment ... "The computer just - boop - shut off,” Davis said.
And it wouldn't restart. It soon became clear it wasn't just one computer. It was all of them.
“They were kind of here and there, coming on and off, and then everything just completely went down,” Davis said.
The medical records system went dark. So did the central system for monitoring the baby's vital signs. So they assigned a nurse to each baby. And the security system for making sure no babies were taken out of the unit also went down, so security staff had to come sit by the door to safeguard the babies.
“It was kind of surreal, and, you know, of course, rumors started flying. Is this a cyberattack? What's going on?” Davis recalled.
What was going on was part of a worldwide glitch, affecting everything from airports to local government to banking. All these systems were using CrowdStrike, software designed to protect data and block cybersecurity threats.
“So, this was a software update for CrowdStrike that didn't play well with Microsoft operating systems,” said Joshua Glandorf, chief information officer at UC San Diego Health.
Glandorf explained that any computer running both Windows and CrowdStrike became basically unusable. In hospitals, some surveillance cameras went down, and clinicians weren't able to use their ID badges to unlock secure areas.
Brown said she was astounded when she came to understand how many health care systems across the world were affected.
“911 systems are down,” she said. “Like, it's just absolute madness that one incorrect update to a system could literally bring the planet to its knees technologically. It definitely warrants further investigation and hopefully a way of preventing this from happening again, 'cause holy cow.”
Dr. Mitesh Rao, an emergency physician at Stanford University who also runs a data infrastructure company, said there's a big reason why health care was hard so hit by this fiasco.
“Everything runs on Windows in health care,” Rao said. “Anytime you have one system driving so much, there's a high risk of impact from failure.”
Although the CrowdStrike issue affected many industries, the stakes in health care are high, Rao said.
“There are patients coming in through the emergency department every second who need immediate care,” Rao said. “There (are) car accidents. There (are) heart attacks. There are people giving birth, all sorts of stuff just happening constantly.”
He said hospitals and clinicians train for problems and setbacks. They can pivot and do whatever's needed to keep patients safe.
Brown said that's what happened in her labor and delivery unit at Kaiser San Jose.
“We do have a downtime protocol in place that they implemented rather quickly,” Brown said.
She said employees can even fax if they need to, but it's more complicated and stressful. She was relieved to learn before her next shift everything was back up and running.