Change Healthcare incident resulting from compromised Citrix credentials

UnitedHealth Group CEO Andrew Witty will testify before Congress on May 1 regarding a cyberattack on a Change Healthcare Citrix portal that resulted in a $22 million ransom payment. The attack, which is believed to be the most far-reaching cyberattack in the healthcare sector, involved threat actors gaining access to the portal using compromised credentials, with no multifactor authentication in place. Once inside the system, the attackers moved laterally and exfiltrated data before deploying ransomware nine days later.

In his prepared statement, Witty expressed the need to strengthen cybersecurity in healthcare and emphasized the difficulty of the decision to pay the ransom. He called for mandatory minimum safety standards for the healthcare industry, developed in collaboration between the government and private sector. Witty also highlighted the importance of providing funding and training to help institutions, particularly in rural communities, improve their cybersecurity measures.

In response to inquiries, a Citrix spokesperson clarified that access to the portal was gained not through a flaw in its system but through compromised credentials. The spokesperson emphasized the distinction between compromised credentials and a bug or vulnerability in the portal, stating that multifactor authentication was not used in this case.

Overall, the cyberattack on Change Healthcare highlights the vulnerabilities present in the healthcare sector and the need for stronger cybersecurity measures. Witty’s testimony before Congress and his call for industry-wide standards and support for institutions seeking to improve their cybersecurity posture underscore the importance of proactive measures to prevent future attacks.
