Agencies with large remote workforces have had difficulty repairing affected devices.
Harun Özalp/Anadolu/Getty Images
Universities are still feeling the effects of a major technology outage caused by an update to the cybersecurity software CrowdStrike on Friday. Many educational institutions in the US are currently closed, but some were forced to cancel summer classes on Friday after the outage took down Wi-Fi networks and Microsoft computers.
Two Texas universities, Texas A&M University and the University of Houston-Victoria, canceled classes due to the outage. Still, Texas A&M leaders sent a message to the campus saying the campus was open and new student events would proceed as scheduled. The university directed its IT resources to prioritize supporting its events during the outage. Late Friday afternoon, the university announced that 81 percent of its servers had been restored and classes would resume as normal starting today.
Other universities reported that their Wi-Fi and devices were affected but chose not to cancel classes. For example, Rochester Institute of Technology shared on social media that it had no wireless internet on campus for most of the morning, but that it was restored by 11:50 a.m.
Most popular stories
Most Popular
Websites that run on Microsoft cloud software also went down. Del Mar College, a community college in Texas, said in a post on X that the outage had taken down its online student portal, WebDMC, where students’ academic and financial records are stored.
Higher education institutions were not the only ones affected. Industries around the world experienced major hardship from the outage, with major airlines, banks, and even emergency services temporarily shutting down in what experts are calling one of the largest and most severe outages in history. In the wake of the incident, IT experts are urging companies to implement solutions that will make them less vulnerable in the future.
In some cases, a university’s online learning division was more affected than its in-person campus. Barry Brummund, chief information officer at the University of Arizona, told Inside Higher Ed that the university’s “enterprise information technology services have not been affected, but [Friday’s] Due to a “global technology outage,” the University of Arizona Global Campus, the online arm of the University of Arizona, said it was “experiencing login issues on employee workstations and is currently working to resolve the issue.”
CrowdStrike announced a solution to the shutdown within hours of the faulty update, but the process was too complicated for many non-IT professionals, said Dominic Sellitto, a professor of management science and systems at the University at Buffalo. As a result, many institutions are asking employees to bring their devices to campus IT teams for repairs. The outages are likely to hit hardest at universities where professors and staff work remotely and have difficulty getting in-person access to their computers, Sellitto said.
“Many of the organizations that have taken the longest to resolve and are still working through them are those that have distributed computing environments, employees working from home, etc.,” Sellitto said. Some companies have had to send new devices to remote employees and ask them to send back their current devices for repairs, he noted.
The problem can’t be fixed all at once, and with thousands of affected devices across campus in various classrooms, computer labs, offices, libraries, and more, it could take IT teams hours to resolve all the computer issues. In an update Friday afternoon, Texas A&M University said 2,800 of its 10,000 workstations had been restored.
Fortunately, the students were unlikely to be affected by the outage on their own computers because the technology that caused the outage was CrowdStrike’s Falcon product, which is typically targeted at organizations and businesses rather than individual consumers.
University Health Systems is among many hospitals affected by the outage. University of Rochester Medical Center posted on X that “multiple computers supporting clinical functions are down,” adding that some urgent care facilities, lab blood collection stations and patient call centers will open with delays. Miami University Health System announced on Facebook that everything will be done with paper and pen until computers are back online. Other hospitals, including Penn Medicine, the Hospital System of the University of Pennsylvania, have halted all non-urgent appointments.
Lessons for the future
While academia wasn’t as severely affected as other industries, there are still lessons university IT leaders can learn to avoid damaging outages in the future, Sellitto said.
The outage affected many computers around the world because many companies that use CrowdStrike automatically downloaded the Falcon update. Typically, it’s an IT best practice not to automatically download software updates for this very reason: to avoid accidentally downloading something that might be flawed, Sellitto said. But when it comes to cybersecurity software, IT pros often ignore this rule, because updates to these technologies are meant to address the latest security threats.
“A lot of companies say, ‘No, no, the risk of being hacked outweighs the risk of updating,'” he says.
Agencies would do well to reevaluate their thinking and think critically about how to resolve this tug-of-war between best practices and cybersecurity concerns.
He also said the outage has prompted more businesses to consider ways to keep operations running even if their computers go down.
“Organizations are going to have to put more and more effort into this concept that we call business continuity,” he said. “You need a fallback.”
