Express & Star

Global IT outage knocks airlines, banks and others offline

Some firms have said an IT issue at Microsoft and cybersecurity firm CrowdStrike is to blame.

Published
Last updated
Passengers queuing at check-in desks at London Gatwick Airport

Businesses and institutions around the world have been been knocked offline after a major IT outage, believed to have been caused by a faulty update to widely used cybersecurity software.

The outage is “causing disruption in the majority of GP practices” in England but there is currently no known impact on 999 or emergency services, NHS England said.

The health service said patients should attend appointments unless told otherwise and should only contact their GP if it was urgent.

Major infrastructure including airlines, train companies, banks and media outlets have ground to a halt after their computer systems were knocked offline or leaving devices showing the so-called “Blue Screen of Death” (BSOD).

In the UK, Sky News went off air, while Britain’s biggest train company warned passengers to expect disruption because of “widespread IT issues”, as did many major airlines and airports.

Across England, GP surgeries have reported being unable to book appointments or access patient records as their EMIS Web system went down.

The National Pharmacy Association (NPA) also said “services in community pharmacies, including the accessing of prescriptions from GPs and medicine deliveries, are disrupted today”.

Around the world, banks, supermarkets and other major institutions reported computer issues disrupting services, while many businesses have been left unable to take digital payments.

Microsoft has confirmed it was aware of and fixing issues with its cloud platform, Azure, but many cybersecurity experts have reported the potential source of the issue as global cybersecurity firm CrowdStrike, which provides cyber attack monitoring and protection to many major businesses.

Experts have said a flawed update to CrowdStrike’s Falcon Sensor software could be the source of the problem.

CrowdStrike has not issued a statement on the issue, but calls to the company’s technical support phoneline were met with a recorded message which said it was “aware of reports of crashes on Windows … relating to the Falcon sensor.”

CrowdStrike has advised affected customers to log on to their customer service portal for assistance.

Overnight, Microsoft confirmed it was investigating an issue with its services and apps, with the tech giant’s service health website warning of “service degradation” that meant users may not be able to access many of the company’s most popular services, used by millions of businesses and people around the world.

Cybersecurity expert Troy Hunt also reported seeing issues at CrowdStrike, with Australian telecoms firm Telstra posting to X, formerly Twitter, that the worldwide outage was “because of a global issue affecting both Microsoft and CrowdStrike”.

Sky presenters
Sky News was knocked off air (Sky News/Screengrab)

Among the impacted firms are Ryanair, with the airline posting to its website: “Potential disruptions across the network (Fri 19 July) due to a global third party system outage.

“Affected passengers will be notified and any passengers travelling across the network on Fri 19 July should check their Ryanair app for the latest updates on their flight.

“We advise passengers to arrive at the airport three hours in advance of their flight to avoid any disruptions.

“We regret any inconvenience caused to passengers by this third party IT issue, which is outside of Ryanair’s control and affects all airlines operating across the network.”

Edinburgh Airport said the IT outage is causing longer waiting times.

A spokesperson said: “An IT system outage means wait times are longer than usual at the airport.

“This outage is affecting many other businesses, including airports.

“Work is ongoing to resolve this and our teams are on hand to assist where we can. Passengers are thanked for their patience.”

A general view of a Great Northern railway train at Hunt’s Cross station
Rail services were affected (Peter Byrne/PA)

Meanwhile, Govia Thameslink Railway (GTR) – parent company of Southern, Thameslink, Gatwick Express and Great Northern – warned passengers to expect delays because of the issue.

According to service status monitoring website Downdetector, users were reporting issues with the services of Visa, BT, major supermarket chains, banks, online gaming platforms and media outlets.

GP practices across England took to social media to report they cannot access the EMIS Web system.

It is understood that NHS hospitals are currently unaffected by the outage.

EMIS Web is the most widely used clinical system for primary care in the UK.

It enables GP practices to book appointments, examine records and includes a clinical decision support tool as well as helping with admin.

Solihull Healthcare Partnership in the West Midlands said there is a “national issue” with EMIS Web.

It said on X: “Unfortunately there is a national issue with EMIS Web – our clinical computer system.

“This will affect our ability to book/consult with patients this morning.”

Windrush Medical Practice in Witney, Oxfordshire, said it is continuing with emergencies but urged patients with “routine concerns” to wait until Monday.

Other GP surgeries hit by the outage have said the issue “will have a big effect”.

Central Lakes Medical Group in Ambleside wrote on X: “We’re impacted by the IT outage.

“This will have a big effect on us, so apologies in advance for the inconvenience caused, and delays on the phone.”

Cybersecurity experts said that the widespread access CrowdStrike’s Falcon Sensor had to business systems meant an issue with the platform would have widespread effects.

Toby Murray, associate professor in the School of Computing and Information Systems at the University of Melbourne, said: “CrowdStrike Falcon has been linked to this widespread outage. CrowdStrike is a global cybersecurity and threat intelligence company.

“Falcon is what is known as an Endpoint Detection and Response (EDR) platform, which monitors the computers that it is installed on to detect intrusions – hacks – and respond to them. That means that Falcon is a pretty privileged piece of software in that it is able to influence how the computers it is installed on behave.

“For example, if it detects that a computer is infected with malware that is causing the computer to communicate with an attacker, then Falcon could conceivably block that communication from occurring. If Falcon is suffering a malfunction then it could be causing a widespread outage for two reasons – one: Falcon is widely deployed on many computers, and two: because of Falcon’s privileged nature.

“Falcon is a bit like anti-virus software: it is regularly updated with information about the latest online threats – so it can better detect them. We have certainly seen anti-virus updates in the past causing problems e.g. here.

“It is possible that today’s outage may have been caused by a buggy update to Falcon.”