Subj : Change Healthcare hackers took advantage of Citrix vulnerability
To   : All
From : TechnologyDaily
Date : Tue Apr 30 2024 15:45:04

Change Healthcare hackers took advantage of Citrix vulnerability to break in, CEO says

Date: Tue, 30 Apr 2024 14:30:00 +0000

Description: UnitedHealth CEO is due to testify later this week, and explain what happened during the disruptive cyberattack.

FULL STORY
======================================================================

To break into Change Healthcare's IT systems, hackers abused a vulnerability in a Citrix remote desktop access product. This is according to Andrew Witty, Chief Executive Officer (CEO) of UnitedHealth, Change Healthcare's parent company.

Later this week, Witty is due to give his testimony regarding the Change Healthcare data breach in front of the House Energy and Commerce Committee, Reuters reports. His testimony was published on the UnitedHealth website ahead of the discussion.

In late February this year, news broke of a major cyberattack at Change Healthcare, which forced the company to shut parts of its infrastructure down, and which affected local pharmacies and adjacent businesses. It was later reported that the company fell victim to a ransomware attack.

Unknown point of entry

"Not knowing the entry point of the attack at the time, we immediately severed connectivity with Change's data centers to eliminate the potential for further infection," Witty will say in the testimony.

Apparently, the attackers used a compromised username/password combination to access the company's Citrix portal. There was no multi-factor authentication (MFA) set up at the time.

It is still unknown which specific Citrix flaw was abused during the attack. Reuters points out that U.S. officials issued multiple warnings about security loopholes in Citrix tools late last year.
In the weeks following the attack, it was reported that an affiliate of ALPHV (BlackCat), a notorious ransomware-as-a-service vendor, breached Change Healthcare and stole 4TB of sensitive customer data. The group allegedly demanded $22 million in cryptocurrency in exchange for the decryption key and for keeping the data private. A blockchain transaction was later spotted with that exact amount, triggering speculation that the company tried to pay the ransom demand.

Soon after, ALPHV shut the entire operation down and disappeared. The affiliate later claimed the group took all the money for itself and that it was stuck with the data.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/change-helathcare-hackers-took-advantage-of-citrix-vulnerability-to-break-in-ceo-says

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)