UnitedHealth Group CEO Andrew Witty is set to testify before a United States House of Representatives subcommittee about a cyberattack on Change Healthcare in February. The attack utilized Citrix remote access software, according to Witty’s written testimony. The hackers used compromised credentials to access the Citrix portal for remote desktop access, which did not have multi-factor authentication. The ransomware attack occurred nine days after the initial intrusion. Following the attack, UnitedHealth immediately severed connectivity with Change Healthcare’s data centers to prevent further infection.
Witty decided to pay the ransom to the attackers, identified as the ALPHV/BlackCat threat collective. The payment was one of the largest in US history and aimed to restore disrupted health services quickly. The company confirmed the payment and is conducting a comprehensive review of the data to identify and notify affected individuals. The complexity of the review process may delay notifications for several months.
Critics have debated whether banning ransom payments could be an effective strategy in combating ransomware attacks. Some argue that prohibiting payments could disrupt cybercriminal revenue streams, while others caution that it could harm businesses and employees faced with no other options. Ian Thornton-Trump, CISO at Cyjax, believes banning ransom payments may hinder executives’ ability to respond effectively to cyber threats and suggests governments provide relief mechanisms for affected businesses, offering alternatives to paying ransoms as a last resort.
The incident highlights the vulnerabilities in remote access software like Citrix, which has faced security incidents in the past. In 2023, Citrix issued a security advisory for a critical vulnerability in its NetScaler products, known as Citrix Bleed, which was exploited in attacks on healthcare institutions. The company has faced challenges in addressing security flaws, with major organizations like Boeing and ICBC falling victim to successful ransomware attacks.
As cybersecurity threats continue to evolve, executives like Witty face difficult decisions in responding to cyberattacks. The debate over ransom payments underscores the need for proactive measures to protect businesses and individuals from the growing threat of ransomware attacks.
Article Source
https://www.itpro.com/security/citrix-vulnerability-behind-change-healthcare-cyber-attack-ceo-claims