What question did this study set out to answer?

This research aims to evaluate the preparedness of healthcare facilities for downtime events, particularly following the CrowdStrike cyber incident.

March 25, 2026

Healthcare Downtime Readiness Pre and Post CrowdStrike

Key Points

This research aims to evaluate the preparedness of healthcare facilities for downtime events, particularly following the CrowdStrike cyber incident.
Administered two surveys assessing downtime readiness: one before and one after the CrowdStrike event.
The pre-event survey included 64 questions on current procedures and training.
The post-event survey had 27 questions focusing on challenges faced during the CrowdStrike outage.
All departments had downtime plans, but only 77% tested them.
Major challenges included difficulties with paper charting and data reconciliation during recovery.
Only 78% had printed downtime forms at the event's start, and 48% could operate for over 2 days.
44% and 33% had backups for departmental and interdepartmental communication during downtime.
79% felt they had access to adequate information during the event.

Abstract

Introduction: Growing dependence on digital systems for operations increases the risks for healthcare during downtime events. Cyberattacks typically result in hospitals needing to use downtime procedures for multiple weeks, severely compromising patient safety and care. The 2024 Crowdstrike global failure event provided an opportunity to assess the adequacy of current downtime training and procedures. Methods: Our hospital system administered two surveys: one before the CrowdStrike failure as part of efforts to establish priorities to improve hospital downtime readiness and the other as part of the evaluation process after the CrowdStrike outage. Both surveys included multiple-choice and open-ended questions. The downtime readiness survey was administered in December 2023 and included 64 questions. The post-outage survey had 27 questions and was administered in July 2024. Results: The vulnerabilities identified in the 2023 survey were highly predictive of the primary issues reported in the post outage survey. The downtime readiness survey showed that all departments had downtime plans, but only 77% had tested them. The post-outage survey documented major challenges in paper charting, handoffs without digital systems, and reconciliation of data during recovery, as well as difficulties with rapidly transitioning to downtime procedures as the event began. Only 78% of departments had printed copies of necessary downtime forms on hand at the beginning of the event, and 48% had enough to operate for more than 2 days. Only 44% and 33% of departments reported having a backup for departmental and interdepartmental communication, respectively, during downtime. Positively, 79% of respondents felt they had access to sufficient information during the event. Conclusion: Our surveys describe priority areas of focus in the development of standardized policies, staff training, specialized response resources, and communication tools to improve digital downtime preparedness and response. Further work is needed to identify barriers to the adoption of recommended potential solutions.

Bookmark

View Full Paper

Bookmark

View Full Paper

Healthcare Downtime Readiness Pre and Post CrowdStrike

Key Points

Abstract

Cite This Study