Hospital stuff was affected. Most engineers are smart enough to not connect critical equipment to the Internet, though.
Comment on Some bad code just broke a billion Windows machines
JeeBaiChow@lemmy.world 3 months ago
Whoda thunk automatic updates to critical infrastructure was a good idea?
LodeMike@lemmy.today 3 months ago
arunwadhwa@lemmy.world 3 months ago
I’m not in the US, but my other medical peers who are mentioned that EPIC (the software most hospitals use to manage patient records) was not affected, but Dragon (the software by Nuance that we doctors use for dictation so we don’t have to type notes) was down. Someone I know complained that they had to “type notes like a medieval peasant.” But I’m glad that the critical infrastructure was up and running. At my former hospital, we used to always maintain physical records simultaneously for all our current inpatients that only the medical team responsible for those specific patients had access to just to be on the safe side.
RunningInRVA@lemmy.world 3 months ago
This is pretty much correct. I work in an Epic shop and we had about 150 servers to remediate and some number of workstations (I’m not sure how many). While Epic make not have been impacted, it is a highly integrated system and when things are failing around it then it can have an impact on care delivery. For example if a provider places a stat lab order in Epic, that lab order gets transmitted to an integration middleware which then routes it to the lab system. If the integration middleware or the lab system are down, then the provider has no idea the stat order went into a black hole.
deranger@sh.itjust.works 3 months ago
Our lab was absolutely fucked from multiple integrations going down. I’m a Cupid analyst and we weren’t really affected. What app do you work on?
JeeBaiChow@lemmy.world 3 months ago
That’s actually a very smart idea, keeping physical records of every inpatient. Wonder why the ai companies don’t do transcription of medical notes, instead of trying to add ai features to my washer/ dryer combo. Just seems like a very practical use of the tech
deranger@sh.itjust.works 3 months ago
Wonder why the ai companies don’t do transcription of medical notes
They do, one of the things we’re working on implementing, much to my chagrin, is an AI thing where the doctor leaves their phone out during the visit. It listens to the patient and the doctor and generates a note.
For me, as soon as I see a doctor have his phone out I’m telling him to put that shit away and I don’t consent to some app listening to what I’ve got to say.
deranger@sh.itjust.works 3 months ago
I’m an Epic analyst - while Epic was fine, many of our third party integrations shit the bed. Cardiology (where I work) was mostly unaffected aside from Omnicell being down, but the laboratory was massively fucked due to all the integrations they have. Multiple teams were quite busy, I just got to talk to them about it eventually.
datendefekt@lemmy.ml 3 months ago
“type notes like a medieval peasant.”
Huh. I thought medieval peasants were usually illiterate? Even less computer literate?
Juvyn00b@lemmy.world 3 months ago
I work healthcare adjacent and some providers were affected as expected. Hoping as well that those critical systems were not, but that chance is non zero.
Toribor@corndog.social 3 months ago
Many compliance frameworks require security utilities to receive automatic updates. It’s pretty essential for effective endpoint protection considering how fast new threats spread.
The problem is not the automated update, it’s why it wasn’t caught in testing and how the update managed to break the entire OS.
jbloggs777@discuss.tchncs.de 3 months ago
It is pretty easy to imagine separate streams of updates that affect each other negatively.
CrowdStrike does its own 0-day updates, Microsoft does its own 0-day updates. There is probably limited if any testing at that critical intersection.
If Microsoft 100% controlled the release stream, otoh, there’d be a much better chance to have caught it. The responsibility would probably lie with MS in such a case.
Toribor@corndog.social 3 months ago
I don’t think that is what happened here in this situation though, I think the issue was caused exclusively by a Crowdstrike update but I haven’t read anything official that really breaks this down.
barsquid@lemmy.world 3 months ago
Some comments yesterday were claiming the offending file was several kb of just 0s. All signs are pointing to a massive fuckup from an individual company.
LainTrain@lemmy.dbzer0.com 3 months ago
Nah EDR is pointless like all of cybersecurity. All these compliance frameworks are just a further grift to get a slice of B2B procurement budgets. The practice of cybersecurity has caused a more severe widespread outage than any malware ever could.
mriormro@lemmy.world 3 months ago
lol, ok
fishpen0@lemmy.world 3 months ago
OP is not entirely wrong. At least in Linux land you can now implement EDR like functionality entirely with EBPF without installing a fucking rootkit. So traditional EDR products are a grift if you are on the bleeding edge.
jumjummy@lemmy.world 3 months ago
Ok Russian comrade. Security in companies is terrible. You’re right. It’s just a giant grift.
Now, go buy some limited time offer right fight fight shoes from agent orange.
LainTrain@lemmy.dbzer0.com 3 months ago
Genuinely, what? What is “fight fight fight shoes” and “agent orange” like the chemical? What does me being Russian have to do with it? Is this some kind of twitter lingo I’ve touched grass too much to understand?