Faulty CrowdStrike update on Windows grounds U.S. flights, disrupts hospitals and businesses

A faulty software update pushed by cybersecurity firm CrowdStrike to Microsoft Windows systems unleashed widespread disruption Friday, grounding U.S. flights and snarling operations across hospitals, retailers and government offices. Problems persisted for hours even as Microsoft said it was gradually rolling out fixes.

The outage highlighted the fragility of critical services tethered to a handful of tech providers. Media outlets were knocked offline and small businesses reported interruptions. At the heart of the disruption was CrowdStrike, whose software is used by thousands of companies worldwide.

Airlines and other corporate customers that run Windows were among those affected after the overnight update. Air travelers became the face of the outage as images of crowded terminals spread. In the United States, American Airlines, Delta Air Lines, United Airlines, Spirit Airlines and Allegiant Air grounded flights for varying lengths of time Friday morning.

Carriers said systems used to check in passengers and calculate aircraft weight—information required for takeoff—were among those impacted. United and some other airlines issued waivers allowing customers to change travel plans. Hospitals across the U.S. reported uneven effects.

Harris Health System, which runs public hospitals and clinics in the Houston area, suspended hospital visits “until further notice” and canceled or rescheduled elective procedures. The outage affected records systems at Providence, a health network with 51 hospitals in Alaska, California, Montana, Oregon and Washington state.

New York-based Memorial Sloan Kettering Cancer Center said it paused the start of procedures requiring anesthesia. In New England, some hospitals canceled appointments. Mass General Brigham, the largest health care system in Massachusetts, said all scheduled nonurgent surgeries, procedures and medical visits were canceled for Friday, though emergency departments remained open.

Other providers reported limited impact: the 188-hospital HCA Healthcare system said it did not expect its ability to provide care to be affected; Los Angeles-based Cedars-Sinai Health System remained open and continued to provide care; and the Cleveland Clinic said patient care was not affected.

The outage also rippled through retail. Starbucks said customers were unable to order ahead online or via its app. The company apologized and said it was serving customers in “a vast majority” of its stores and drive-thrus. Impact stretched beyond the U.S. In Canada, the University Health Network said clinical activity was continuing as scheduled.

In Britain, the National Health Service reported problems at most doctors’ offices across England as the outage hit the appointment and patient record system used across the service. The NHS said the 999 emergency number was not affected. The overnight outage was blamed on a CrowdStrike software update sent to Microsoft computers used by corporate customers, including many airlines.

As fixes continued to roll out, airlines offered waivers and some health systems adjusted schedules, underscoring how recovery efforts varied by sector and region.