UnitedHealth is set to testify about a cybersecurity breach that occurred on February 12, where hackers gained access to a Citrix portal of its Change Healthcare unit using compromised credentials. CEO Andrew Witty mentioned that the threat actor moved within the systems and exfiltrated data. On February 21, a ransomware attack by a cybercriminal known as ALPHV encrypted the company’s systems. The company paid a ransom to ensure decryption, with reports suggesting it could be around $22 million.
The response to the attack was described as swift and forceful, and Witty portrayed the decision to pay the ransom as difficult. There are growing calls for better cybersecurity measures in healthcare, especially after this incident, which has triggered demands for mandatory security standards for providers. The attack has also raised concerns about healthcare consolidation, particularly given UnitedHealth’s merger with Change Healthcare in 2022, since a successful cyberattack on the combined company could have widespread effects.
The incident has also highlighted vulnerabilities in Citrix, with the NSA previously reporting similar issues in 2022. Citrix had alerted its customers about two critical zero-day vulnerabilities earlier this year. Experts pointed out the lack of proper remote access authentication that may have facilitated the attack. The app used by the hackers lacked multi-factor authentication controls, which is considered best practice in the industry.
The cybercriminals remained undetected in the systems for nine days and managed to steal data before launching the ransomware attack. Concerns have been raised about the cybersecurity infrastructure within the healthcare sector, with the attack on UnitedHealth’s Change Healthcare division highlighting the vulnerabilities that exist due to the company’s size and lack of appropriate security measures. This incident has led to a broader discussion about the risks that healthcare consolidation poses to the national security of the United States.
Article Source
https://www.csoonline.com/article/2096621/unitedhealth-hackers-exploited-citrix-vulnerabilities-ceo-to-testify.html/amp/