Skip to content

VMVirtualMachine.com

Virtual Machine News Platform

  • Home
  • About Us
  • Internetworking
  • Networking 101
  • VM Virtual Machine
    • Azure VM
    • Microsoft Hyper-V
    • VirtualBox
    • Virtual Server Security
    • Virtual Machine Downloads
    • Virtual Machine Security
    • VMware Virtual Machine
  • Tech News
    • Citrix
    • Microsoft
    • VMware
  • Contact Us
  • Home
  • Citrix
  • Change Healthcare breached by cyber attackers using compromised Citrix account without multi-factor authentication

Change Healthcare breached by cyber attackers using compromised Citrix account without multi-factor authentication

vm_adminJune 7, 2024
Change Healthcare breached by cyber attackers using compromised Citrix account without multi-factor authentication



In recent news, UnitedHealth has confirmed that Change Healthcare’s network was breached by the BlackCat ransomware gang, who used stolen credentials to log into the company’s Citrix remote access service. The attack caused severe disruptions to critical healthcare services, with estimated financial damage totaling $872 million.

The ransomware gang initially claimed to have received a ransom payment of $22 million from UnitedHealth, but the payment was reportedly stolen by an affiliate in what is known as an exit scam. Following this, RansomHub was brought in to add an additional demand for extortion through the leak of stolen data.

UnitedHealth admitted to paying a ransom to protect people’s data after the attack but did not disclose details about the attack or the attackers involved. The initial attack occurred on February 21, with threat actors gaining access to Change Healthcare’s network ten days earlier.

Investigations revealed that the attackers first accessed Change Healthcare’s Citrix portal on February 12 using stolen employee credentials. However, it is unclear how these credentials were initially obtained, whether through phishing or data-stealing malware. The portal did not have multi-factor authentication, allowing the threat actors to move laterally across systems before deploying the ransomware.

UnitedHealth’s CEO, Andrew Witty, made the difficult decision to pay the ransom to protect the organization’s data. Following the attack, the company took swift actions to contain the threat, including replacing laptops, rotating credentials, and rebuilding the data center network and core services within a few weeks.

Despite leaked data containing protected health information and personally identifiable information, there has been no evidence of the exfiltration of complete medical records or histories. Medical claims, payment processing, and pharmacy networks are operating at near-normal levels following the incident.

In an update, Hudson Rock’s CTO disclosed that ransomware malware had stolen Change Healthcare employee’s Citrix credentials on February 8. The stolen credentials were associated with the remote application URL for Change Healthcare’s Citrix Gateway login page, though it is unclear if these credentials were used in the ransomware attack.

Overall, the ransomware attack on Change Healthcare highlights the vulnerabilities in healthcare networks and the importance of robust cybersecurity measures to protect sensitive data and critical services. The incident serves as a reminder of the ongoing threat posed by cybercriminals and the need for constant vigilance in safeguarding digital infrastructure.

Article Source
https://www.bleepingcomputer.com/news/security/change-healthcare-hacked-using-stolen-citrix-account-with-no-mfa/amp/

  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn
  • Digg
  • Tumblr
  • Reddit
  • Buffer
  • Blogger
  • Newsvine
  • HackerNews
  • Flipboard
  • Share
  • LiveJournal
  • Yammer
  • Mix
  • Instapaper
  • Copy Link
  • Mastodon
Citrix
Tagged Account, Attackers, authentication, breached, Change, Citrix, Compromised, cyber, Healthcare, MultiFactor

Post navigation

⟵ Cisco Announces $1 Billion AI Fund to Support Startup Investments and Innovative Solutions
Prepare for Change: Broadcom’s VMware Deal Leads to Sharp Turns for Channel Partners ⟶

Related Posts

Race to Patch CitrixBleed Vulnerability and Conduct Malicious Activity Analysis
Race to Patch CitrixBleed Vulnerability and Conduct Malicious Activity Analysis

The Cybersecurity and Infrastructure Security Agency is urging organizations to address an active vulnerability in Citrix NetScaler ADC and NetScaler…

Delivery Controllers Market Is Booming So Rapidly with F5 Networks, Citrix Systems, A10 Networks
Delivery Controllers Market Is Booming So Rapidly with F5 Networks, Citrix Systems, A10 Networks

Delivery Controllers Market HTF MI recently introduced Global Delivery Controllers Market study with 143+ pages in-depth overview, describing about the…

How Much More Must We Bleed? – Citrix NetScaler Memory Disclosure (CitrixBleed 2 CVE-2025-5777)
How Much More Must We Bleed? – Citrix NetScaler Memory Disclosure (CitrixBleed 2 CVE-2025-5777)

Before you dive into our latest diatribe, indulge us and join us on a journey. Sit in your chair, stand…

  • AI
  • AI Chatbot
  • AI Labs
  • AI News
  • AI Podcast
  • Amazon Web Services
  • Azure VM
  • Blockchain
  • Breaking News
  • Broadcom
  • Cisco
  • Citrix
  • Crypto Corner
  • Google
  • Google Illuminate
  • Grok
  • HPE
  • IBM
  • Intel
  • Internetworking
  • Microsoft
  • Microsoft Hyper-V
  • Networking 101
  • Nutanix
  • Nvidia
  • OpenAI
  • Oracle
  • Storm Watch
  • Trading Corner
  • Virtual Machine
  • Virtual Machine Downloads
  • Virtual Machine Security
  • VirtualBox
  • Virtualization News
  • VM Networking
  • VM Virtual Machine
  • VMware
  • VMware Fusion Pro
  • VMware Virtual Machine
  • VMware Workstation Pro
Copyright © 2026 VMVirtualMachine.com | Extensive News by Ascendoor | Powered by WordPress.
Go to mobile version