Yet another ESRO disaster. Tool they mandated everyone to use wasnt ready for peak season volume. Impacting customers for over 12 hours now with 20% error rate from the CloudFlare firewall.
Who coulda seen this coming?
5 replies (most recent on top)
@c2 OPs statement is very clear if you have an Incident Handling background. Shew and go elsewhere. Here I will help you understand as I am not the OP:
- all or companies determine their peak season as that means tons of traffic.
- during peak season, typically there are 'freezes' or 'black-outs' of infrastructure changes and coding to avoid service disruptions.
Perhaps they should have run a tabletop with Crowdstrike, called, references and scoured all public comment boards to understand how the company is operating AND seriously, look at the contract...too late now.
be more broad and vague with your statement. write a blog
Well of course there are problems with Cloudflare. They provide protection for threat actors as well. Due diligence is not high on their list, just counting money. They've had ongoing performance issues since roughly the end of June 2025. Maybe the outage is due to the phishing and malware actors they are hosting. Also, Cloudflare ignores responsible disclosures of the threat actors using their service.
Enough of ESRO leadership is not about what you know, it's who you know. These are the left-over people from Bookers era. Look for those who were laid off or left as they were the people who worked well across the company to keep it secure. They had a zero-trust framework, too bad it's not in use anymore.
Its wild. There isnt a person in Optum accountable for this single point of failure that affects all technology in the company. Theyre all just on the call kicking it to external CloudFlare representives who are doing trial and error on our Production environment company wide.
I feel like im in the twilight zone right now
All they did was shuffle the chairs on the Titanic. The new leaders in ESRO are the same people who let multiple breaches occur across UHG. Their failures to better implement policies and controls at NIE led us to where we’re at. Paying ransoms through secret third parties while denying publicly is in contradiction of Integrity culture. Instead of understanding their shortcomings, they have doubled down with processes and tools that are not prime time ready, by introducing processes or tools that on surface looks pretty but details are difficult to understand or follow. When issues rise, there is no accountability for resolution and customers are left hanging dry. We’re told to open our mouths while policies and controls are shoved down our throats. In the meantime they introduce tools and processes that even Government organizations can admire due to its inefficiencies and bureaucracy. Unfortunately the recent org is the cancer in ESRO.