
High-end hospital-management software is not simple stuff to roll your own. And the (very few) specialty companies which produce such software may see no reason to support a variety of OSes.



A follow-up question is why the one OS chosen is the one historically worst at security.


It appears insecure because it is under constant attack because it is so prevalent. Let’s not pretend the *nix world is any better.

I’m no fan of Windows or Microsoft but the commitment to backwards compatibility should not be underestimated.


Are you sure that argument still holds when everyone has an Android/iOS phone with apps that talk to Linux servers, and some use Windows desktops and servers as well?


There isn't, and never was, a benevolent dictator choosing the OS for computers in medical settings.

Instead, it's a bunch of independent-ish, for-profit software & hardware companies, each one trying to make it cheap & easy to develop their own product, and to maximize sales. Given the dominance of MS-DOS and Windows on cheap-ish & ubiquitous PCs, starting in the early-ish 1980s, the current situation was pretty much inevitable.


To add detail for those that don't understand: the big healthcare players barely have Unix teams, and the small mom-and-pop groups literally have desktops sitting under the receptionist's desk running the shittiest software imaginable.

The big health products are built on Windows because they are built by outsourced software shops and target the majority of builds, which are basically the equivalent of Bob's hardware store still running Windows 95 on their point-of-sale box.

The major players that took over this space for the big players had to migrate from this, so they still targeted "Wintel" platforms because the vast majority of healthcare servers are Windows.

It's basically the tech equivalent of everything evolved from the width of oxen for railways.


Because of critical mass. A significant amount of non-technically inclined people use Windows. Some use Mac. And they're intimidated by anything different.


Generally speaking, employees don't really use Windows per se so much as click the browser icon and proceed to use their employer's web-based tools.


There's a bunch of non-web proprietary software medical offices use to access patient files, result histories, prescription dispensation, etc. At least here in Ontario my doctor uses an actual Windows application to accomplish all that.


Then they use those apps. The point is that their usage of the OS as such is so minimal as to be irrelevant, as long as it has a launcher and an X in the top corner.

They could as well launch that app in OpenBSD.


Momentum as well. Many of these systems started in DOS. The DOS->Windows transition is pretty natural.


Exactly!

The question is: why did half or more of Fortune 500 companies allow CrowdStrike - Windows hackers - access to and total control of their not-a-MS-Windows business? Obviously CrowdStrike does not differentiate between medicine and lifting cranes. "In the middle of the surgery" is not in their use-case docs!

There was a Mercedes pit-stop image somewhere with a wall of BSoD monitors :) But that is not CrowdStrike's business either...

And all that via the public internet and misc. clouds. Banks have their own fibre lines; why can't hospitals?

Airports should disconnect from the Internet too; selling tickets can be separate infra, and synchronization between POSes and checkout doesn't need to be in real time.

There is only one sane way to prevent such events: EDR controlled by the organization, and this is sharply incompatible with 3rd-party on-line EDR providers. But they can sell it in a box and do real-time support when called.


I mean this question in the most honest way; I am not trying to be snarky or superior.

What are the hard problems? I can think of a few, but I'm probably wrong.


Auditing: using Windows plus AV plus malware protection means you demonstrate compliance faster than trying to prove your particular version on Linux is secure. Hospitals have to demonstrate compliance in very short timeframes and every second counts. If you fail to achieve this, some or all of your units can be closed.

Dependency chains: many pieces of kit either only have drivers on Windows or work much better on Windows. You are at the mercy of the least OS-diverse piece of kit. Label printers are notorious for this, as an example.

Staffing: Many of your staff know how to do their jobs excellently, but will struggle with tech. You need them to be able to assume a look and feel, because you don't want them fighting UX differences when every second counts. Their stress level is roughly equivalent to their worst 10 seconds of their day. And staff will quit or strike over UX. Even UI colour changes due to virtualization downscaling have triggered strife.

Change Mgmt: Hospitals are conservative and rarely push the envelope. We are seeing a major shift at the moment in key areas (EMR), but this is still happening slowly. No one is interested in increasing their risk just because Linux exists and has Win64 compatibility. There is literally no driver for change away from Windows.


> There is literally no driver for change away from Windows.

(Not including this colossal fuck up.)


No hospital will shift to Linux because of this incident. They may shift away from Crowdstrike, but not to another OS.


It's actually not that hard from a conceptual implementation standpoint; it's a matter of scale, network effects, and regulatory capture.


> What are the hard problems? I can think of a few, but I'm probably wrong.

Billing and insurance reimbursement processes change all the time and are a headache to keep up to date. E.g. the actual dentist software is Paint, but with mainly the bucket and some way to quickly insert teeth objects to match your mouth. I.e. almost no medical skill in the software itself helping the user.



