After a major IT outage, companies and institutions around the world were offline. The cause was probably a faulty update to a widely used cybersecurity software.
The outage is “causing disruption to the majority of GP practices” in England, but there is currently no known impact on 999 numbers or other emergency services, NHS England said.
The health service said patients should keep appointments unless told otherwise and only contact their GP in urgent cases.
The NHS is aware of a global IT outage and a problem with a GP appointment scheduling and patient records system.
If you have an appointment, please attend unless you are told otherwise. If you need help, call 111 online or by phone, or 999 in an emergency.
➡️https://t.co/M4QxHP2GqM
— NHS England (@NHSEngland) July 19, 2024
Major infrastructure facilities such as airlines, railways, banks and media companies came to a standstill after their computer systems went offline or their devices displayed the so-called “Blue Screen of Death” (BSOD).
In the UK, Sky News stopped broadcasting and Britain’s largest rail company warned passengers that there could be disruption due to “widespread IT issues”. Many major airlines and airports also did the same.
Across England, GP practices reported being unable to book appointments or access patient records due to the failure of their EMIS web system.
The National Pharmacy Association (NPA) also stated that “local pharmacy services have been disrupted today, including receiving prescriptions from GPs and the delivery of medicines”.
Around the world, banks, supermarkets and other large institutions reported computer problems that disrupted their services, and many businesses were no longer able to accept digital payments.
Microsoft has confirmed that it is aware of the issues with its Azure cloud platform and is fixing them. However, many cybersecurity experts have pointed to global cybersecurity company CrowdStrike, which provides monitoring and protection against cyberattacks for many large companies, as a possible cause of the problem.
According to experts, a faulty update to CrowdStrike’s Falcon sensor software could be the cause of the problem.
CrowdStrike has not commented on the issue, but calls to the company’s technical support line were answered with a recorded message saying the company was “aware of reports of crashes on Windows… related to the Falcon sensor.”
CrowdStrike has advised affected customers to log into their customer service portal for assistance.
Overnight, Microsoft confirmed it was investigating an issue with its services and apps, with the tech giant’s Service Health website warning of a “service degradation” that means users may not be able to access many of the company’s most popular services, used by millions of businesses and people around the world.
Cybersecurity expert Troy Hunt also reported problems at CrowdStrike. Australian telecommunications company Telstra posted on X (formerly Twitter) that the global outage was “due to a global issue affecting both Microsoft and CrowdStrike.”
Ryanair is one of the companies affected. The airline posted on its website: “Potential disruption across the network (Friday 19 July) due to a global third-party system outage.”
“Affected passengers will be notified and all passengers travelling across the network on Friday 19 July should check their Ryanair app for the latest updates on their flight.
“We recommend that passengers arrive at the airport three hours before their flight departure to avoid disruption.
“We regret any inconvenience caused to passengers by this third-party IT issue. It is outside of Ryanair’s control and affects all airlines operating in the network.”
Edinburgh Airport said the IT outage was leading to longer waiting times.
A spokesman said: “Due to an IT system failure, there are longer than usual waiting times at the airport.
“This outage impacts many other businesses, including airports.
“We are working to resolve this issue and our teams are ready to assist where they can. We thank passengers for their patience.”
Meanwhile, Govia Thameslink Railway (GTR) – the parent company of Southern, Thameslink, Gatwick Express and Great Northern – warned passengers that delays were to be expected due to the problem.
According to service status monitoring website Downdetector, users reported issues with the services of Visa, BT, major supermarket chains, banks, online gaming platforms and media companies.
GP practices across England reported on social media that they were unable to access the EMIS web system.
It is believed that NHS hospitals are currently unaffected by the outage.
EMIS Web is the most widely used clinical system for primary care in the UK.
It allows GP practices to book appointments and view records, includes a clinical decision support tool and assists with administration.
The Solihull Healthcare Partnership in the West Midlands said there was a “national problem” with EMIS Web.
On X it said: “Unfortunately there is a nationwide problem with EMIS Web – our clinical computer system.
“This impacts our ability to schedule appointments/consult patients this morning.”
Windrush Medical Practice in Witney, Oxfordshire, said it would continue to treat emergency cases but asked patients with “routine concerns” to wait until Monday.
Other medical practices affected by the power outage said the problem would have a “major impact.”
Central Lakes Medical Group in Ambleside wrote on X: “We have been affected by the IT outage.
“This will have a significant impact on us, so we apologize in advance for any inconvenience and delays on the phone.”
Cybersecurity experts said a problem with the platform would have far-reaching implications because CrowdStrike’s Falcon Sensor has extensive access to business systems.
Toby Murray, associate professor at the School of Computing and Information Systems at the University of Melbourne, said: “CrowdStrike Falcon has been linked to this large-scale outage. CrowdStrike is a global cybersecurity and threat intelligence company.
“Falcon is what’s known as an Endpoint Detection and Response (EDR) platform, which monitors the computers it’s installed on to detect and respond to intrusions – hacks. This means Falcon is quite privileged software because it can influence the behavior of the computers it’s installed on.
“For example, if Falcon detects that a computer is infected with malware that causes the computer to communicate with an attacker, it could be entirely possible for Falcon to block that communication. If Falcon malfunctions, it could cause a widespread outage for two reasons – first, because Falcon is deployed on many computers, and second, because Falcon has privileged properties.
“Falcon is a bit like antivirus software: it is regularly updated with information about the latest online threats – so that it can better detect them. We have certainly seen in the past that antivirus updates have caused problems here, for example.
“Today’s outage may have been caused by a faulty Falcon update.”
