The Gibraltar Health Authority’s computer system for GPs was hit by a major global IT outage on Friday that knocked businesses and institutions around the world offline.
The outage was caused by a faulty update to widely-used cybersecurity software and for the GHA, it meant GPs were unable to access patient data or write prescriptions using their web-based management system.
The outage had repercussions around the globe including in the UK, where major infrastructure including airlines, train companies, banks and media outlets ground to a halt after computer systems were knocked offline or leaving devices showing the so-called “Blue Screen of Death” (BSOD).
Across England, GP surgeries have reported being unable to book appointments or access patient records as their Electronic Management Information System [EMIS] went down. EMIS is the most widely used clinical system for primary care in the UK.
The GHA’s own EMIS also went down, with the authority alerting patients early on Friday that systems at the Primary Care Centre and Accident & Emergency were affected.
“No other GHA systems have been impacted, and all other GHA services are operating normally,” a spokesperson for No.6 Convent Place said.
As the GHA’s IT team worked to resolve the issue and put in measures to manage the situation, staff at the PCC and A&E provided support and guidance to patients.
The impact on the GHA’s EMIS also affected pharmacies and their ability to dispense prescribed medication.
The EMIS system provides the GHA with its primary care patient record system which offers an integrated, digital management of patient records which including scheduling and appointments, prescription management including electronic prescribing, dispensing and medication management, and clinical documentation of patient consultations.
A second element of the system that was impacted provides the GHA with its Accident & Emergency patient record system, including attendance records, triages and climical documentation.
“The practical implications of this outrage are that we are currently unable to schedule appointments for patients in the PCC or A&E using the electronic system,” the government spokesperson said before the outage was resolved.
“All business continuity plans are in effect, and we are working to minimise any disruptions to patients.”
At pharmacies in town, the outage led to practical impact and a shift back to paper as pharmacists worked to meet customer needs despite the IT issue.
Daisy Colton, from New Chemist, explained that when she had tried to log in as normal, she was met with a message that simply stated, ‘network error could not contact EMIS application server’.
Everything is done through this system, she explained, adding prescription information is entered into the system to dispense medication.
Even so, she said customers had been understanding and that the situation was “not too bad, and the regulars are very kind and they're willing to help when we tell them there is a problem with a computer.”
George Linares, from Calpe Pharmacy on Main Street, dispensed medication “the old fashioned way, by hand.”
Once the system was back up, the information would be entered manually. He did not have issues receiving prescriptions as they are usually dropped off by a delivery person.
Mr Linares spared a thought for those working at the Primary Care Centre.
The chief executive of CrowdStrike, the firm at the centre of the global IT outage, said he was “deeply sorry” for the incident, but warned it would take “some time” for systems to be fully restored.
George Kurtz said a fix had been deployed for a bug in an update rolled out by the cybersecurity firm which affected Microsoft Windows PCs.
George Kurtz said a fix had been deployed for a bug in an update rolled out by the cybersecurity firm which affected Microsoft Windows PCs, knocking many offline around the world, causing flight and train cancellations and crippling some healthcare systems.
In an interview with NBC’s Today Show in the US, Mr Kurtz said the incident was not a cyber attack, but admitted that despite CrowdStrike identifying the bug which sparked the issue and rolling out a fix, it would still be “some time” before all systems returned to normal.
“We’re deeply sorry for the impact that we’ve caused to customers, to travellers, to anyone affected by this,” Mr Kurtz said.
“We’ve been on with our customers all night and working with them – many of our customers are rebooting the system and it’s coming up and operational because we fixed it on our end,” he said.
“Some of the systems that aren’t recovering, we’re working with them, so it could be some time for some systems that just automatically won’t recover, but it is our mission to make sure that every customer is fully recovered and we’re not going to relent until we get every customer back to where they were and we’ll continue to protect them and keep the bad guys out of their systems.”
Asked if he ever thought an outage of this scale was possible, the CrowdStrike founder added: “Software is a very complex world and there’s a lot of interactions, and always staying ahead of the adversary is a tall task.”
The Gibraltar Government told the Chronicle it does not use CrowdStrike services for its cybersecurity measures, including at the Gibraltar International Airport and the Royal Gibraltar Police.
There were no reports of either the airport or RGP systems being impacted.
Around the world, banks, supermarkets and other major institutions reported computer issues disrupting services, while many businesses have been left unable to take digital payments.
Some local business, including at least one major gaming company, were also affected by the outage, experiencing problems with payment systems and websites.
There were reports of huge queues at Spanish airports too, including Malaga, as check-in systems were affected by the outage.
Professor Ciaran Martin, the founding chief executive of the National Cyber Security Centre (NCSC) said the incident was an “incredibly powerful illustration of our global digital vulnerabilities and the fragility of core Internet infrastructure.”
Prof Martin, who now works at the University of Oxford, said it was hard to estimate how long it would take to recover from the outage.
“The underlying problem is fixed and the fixes are being implemented. Some industries can recovery quickly. But others like aviation will have long backlogs. That said, I’d be surprised if we were still facing serious problems this time next week.”
He added that the cyber industry also needed to “get better” at “finding and fixing these single points of failure across all core digital infrastructure” and “managing how we cope when IT services fall over”, saying the world faced “more of these types of events” if changes were not made.