Update the healthcare incident resulting from compromised Citrix credentials

UnitedHealth Group CEO Andrew Witty will testify before Congress on May 1 regarding a cyberattack on Change Healthcare, a subsidiary of UnitedHealth, that reportedly involved compromised credentials. Threat actors used these credentials to access a Citrix portal enabled with multi-factor authentication, leading to a ransomware attack and a $22 million payment to ALPHV/BlackCat. This incident is considered the most significant cyberattack in the healthcare sector, impacting one in three patients as Change Healthcare processes 15 billion healthcare transactions annually.

Witty’s prepared statement for the House Energy and Commerce Committee’s Oversight and Investigations Subcommittee highlights the need to enhance cybersecurity in healthcare. He mentioned the challenge of deciding to pay the ransom and stressed the importance of mandatory minimum safety standards for the industry. Witty also emphasized support for collaborative efforts between the government and private sector, including funding and training for institutions requiring assistance with cybersecurity measures, particularly in rural communities.

While a Citrix spokesperson acknowledged awareness of the incident at UnitedHealth, the company clarified that the access was not obtained through a flaw in its portal, but rather through compromised credentials without multi-factor authentication. The spokesperson emphasized the distinction between a bug or vulnerability and compromised credentials, clarifying the access method used in this cyberattack.

An earlier reference to unpublished and unconfirmed research suggesting a technology company as the attack vector for the Change Healthcare incident has been removed for accuracy and transparency in reporting. SC Media aims to provide reliable information and regrets any discrepancies in achieving this goal.

Overall, the Change Healthcare cyberattack serves as a stark reminder of the importance of robust cybersecurity measures in the healthcare industry. Witty’s testimony underscores the need for organizations to strengthen their defenses against cyber threats and collaborate on implementing effective security standards to safeguard sensitive data and protect the integrity of healthcare systems.

Citrix-credentials”>Article Source