Last week, CrowdStrike released its root cause analysis of the July 19 Channel File 291 incident, which prompted a global outage. According to CrowdStrike’s investigation, the incident was caused by an error in a Rapid Response content update delivered to certain Windows hosts. The faulty update caused many hospitals to cancel appointments and delay services, incurring significant financial losses.
In the report, CrowdStrike explained that in February it introduced a new sensor capability to provide visibility into possible attack techniques. The capability predefined a set of fields for Rapid Response Content to gather data. Earlier updates using this capability had passed a stress test and deployed successfully, but when the July 19 update was delivered, the sensor expected 20 input fields while the update provided 21. This mismatch resulted in an out-of-bounds memory read, causing the system to crash.
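The class of bug the report describes, as an added illustration rather than CrowdStrike's own code (which is not public): an interpreter that indexes a fixed 20-slot input buffer with field numbers taken from a content update, beside a version that validates the template's field count and slot numbers against the sensor's schema before reading anything. The type names, the 20-slot buffer and the constructed templates are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define SENSOR_INPUT_FIELDS 20 /* assumption: the sensor buffer holds the 20 fields the page cites */

/* Hypothetical template layout: how many fields the content declares and which
   input slot each field reads. */
typedef struct {
    size_t field_count;
    const uint8_t *slot;
} content_template;
typedef enum { TEMPLATE_OK, TEMPLATE_COUNT_MISMATCH, TEMPLATE_SLOT_OUT_OF_RANGE } template_status;

/* "Before": the slot number comes straight from the content. Slot 20 (a 21st field)
   reads past a 20-element array: undefined behaviour, a bug check in a kernel driver. */
uint32_t read_slot_unchecked(const uint32_t in[SENSOR_INPUT_FIELDS], uint8_t s) {
    return in[s];
}

/* "After": reject a template whose field count or slot numbers do not match the
   schema the sensor was built with, before interpreting a single field. */
template_status validate_template(const content_template *t) {
    if (t->field_count != SENSOR_INPUT_FIELDS) return TEMPLATE_COUNT_MISMATCH;
    for (size_t i = 0; i < t->field_count; i++)
        if (t->slot[i] >= SENSOR_INPUT_FIELDS) return TEMPLATE_SLOT_OUT_OF_RANGE;
    return TEMPLATE_OK;
}

/* Per-read bounds check as a second layer, should a bad template slip through. */
bool read_slot_checked(const uint32_t in[SENSOR_INPUT_FIELDS], uint8_t s, uint32_t *out) {
    if (s >= SENSOR_INPUT_FIELDS) return false;
    *out = in[s];
    return true;
}

/* Constructed inputs: slots 0..20; the 20-field template uses the first 20, the
   July 19 shape declares all 21. */
static const uint8_t slots21[21] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20};
template_status validate_expected_shape(void) {
    content_template t = { SENSOR_INPUT_FIELDS, slots21 };
    return validate_template(&t);
}
template_status validate_july19_shape(void) {
    content_template t = { 21, slots21 };
    return validate_template(&t);
}
int main(void) {
    uint32_t in[SENSOR_INPUT_FIELDS] = {0}, v;
    printf("20 fields: %d, 21 fields: %d, slot 20 read accepted: %d\n",
           validate_expected_shape(), validate_july19_shape(), read_slot_checked(in, 20, &v));
    return 0;
}
```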
“The biggest losses are thought to have been experienced by the healthcare industry,” reported Steve Alder on August 8 for The HIPAA Journal. “Healthcare is estimated to have suffered direct losses of $1.94 billion, with an average estimated loss of $64.6 million per company, with the banking sector also experiencing high losses of $1.15 billion and an average loss of $71.84 million per company. These two sectors will have to absorb more than half of the total financial losses caused by the outage.” “The overall losses at airlines are lower at an estimated $860 million,” Alder wrote.
“As of 8:00 p.m. EDT on July 29, 2024, ~99% of Windows sensors were back online, compared to before the content update and using a week-over-week comparison,” said CrowdStrike’s founder and CEO, George Kurtz, in a statement.