> I am positive that people in hospitals died as a direct result of this incident.
I'm less positive than you, just because my experience of healthcare infosec is that all a doctor has to do is say "I cannot be slowed down or prevented from doing x or people will die" and that's the end of any process or technical controls on x.
Same with utilities. I've seen the ICS engineers say "No you cannot put a password on this console because I may need instant access to prevent a blackout / explosion" and that pretty much ends the discussion.
Often that's not even wrong. Of course when there is a security incident there'll be a knee-jerk reaction to that, and of course that's why ransomware groups love healthcare, but in the meantime, those risks seem reasonable.
Which means I'm guessing CrowdStrike killed a lot of healthcare billing but not a lot of critical care systems because it got ripped off those 30 seconds after install if it was ever installed at all.
Apropos of anything else, “emergency downtime procedures” do not guarantee the same level of care as normal operations. I’ve worked in and out of hospitals as a critical care paramedic for years.
The commenter said they did not believe hospitals “have the time nor resources to pause and put in place an emergency downtime operating protocol” [1]. That is a reasonable guess. It’s not something one would expect from someone with “clinical or hospital administration experience.”
It’s a glib response, but so is “yes” to a request for attribution.