Change Healthcare cyber criminals exploited Citrix vulnerability to gain unauthorized access, CEO reveals

Hackers breached Change Healthcare’s IT systems by exploiting a vulnerability in a Citrix remote desktop access product, according to Andrew Witty, CEO of UnitedHealth, the parent company of Change Healthcare. Witty will discuss this in his testimony before the House Energy and Commerce Committee later this week, as reported by Reuters. The cyberattack on Change Healthcare, which occurred in late February, led to the shutdown of parts of its infrastructure and impacted local pharmacies and adjacent businesses. It was later revealed that the attackers were holding the company’s data for ransom.

During his testimony, Witty will mention that the exact entry point of the attack was unknown at the time. However, as a precaution, connectivity to Change’s data centers was immediately cut off to prevent further infection. The attackers gained access to the company’s Citrix portal using a compromised username and password combination, as there was no multi-factor authentication in place at that time. The specific Citrix flaw that was exploited during the attack remains unidentified, despite warnings from US officials about security vulnerabilities in Citrix tools issued late last year.

Following the cyberattack, it was reported that an affiliate of ALPHV (BlackCat), a well-known ransomware-as-a-service provider, breached Change Healthcare and stole 4TB of sensitive customer data. The group demanded $22 million in cryptocurrency in exchange for the decryption key and to keep the data private. A blockchain transaction matching this amount was later detected, leading to speculation that the company may have attempted to pay the ransom. Despite this, ALPHV abruptly shut down its operation, with the affiliate claiming to have kept the money and the data.

In the aftermath of the attack, there was no clear resolution, as ALPHV vanished with the ransom payment and the stolen data. The incident shed light on the importance of implementing strong cybersecurity measures, such as multi-factor authentication, to prevent unauthorized access to sensitive information. As cybersecurity threats continue to evolve, organizations must remain vigilant and proactive in safeguarding their IT systems to mitigate the risk of potential breaches.

Overall, the cyberattack on Change Healthcare serves as a reminder of the ongoing cybersecurity challenges faced by organizations in today’s digital landscape. It underscores the need for robust security measures and prompt responses to mitigate the impact of cyber threats on businesses and their customers. As technology advances, cybersecurity practices must evolve to effectively defend against sophisticated cyber threats and protect sensitive data from unauthorized access.

Article Source
https://www.techradar.com/pro/security/change-helathcare-hackers-took-advantage-of-citrix-vulnerability-to-break-in-ceo-says