Ransomware Gangs Exploit Citrix Bleed Vulnerability to Target Hospitals and Healthcare Sector

Ransomware Gangs Exploit Citrix Bleed Vulnerability to Target Hospitals and Healthcare Sector

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HHS-HC3) is emphasizing the need for hospitals and critical infrastructure to promptly address the Citrix Bleed vulnerability.

This vulnerability is being exploited by ransomware groups such as LockBit 3.0, enabling them to circumvent password requirements and multifactor authentication protocols. It is crucial for organizations to patch and strengthen their network systems to mitigate this significant ransomware threat.

Gravity of the Citrix Bleed Vulnerability

John Riggi, AHA’s national advisor for cybersecurity and risk, emphasized the gravity of the Citrix Bleed vulnerability and the immediate action required to safeguard systems. “This urgent warning by HC3 signifies the seriousness of the Citrix Bleed vulnerability and the urgent need to deploy the existing Citrix patches and upgrades to secure our systems,” said Riggi in a report from The HIPAA Journal. “This situation also demonstrates the aggressiveness by which foreign ransomware gangs, primarily Russian-speaking groups, continue to target hospitals and health systems.  Ransomware attacks disrupt and delay health care delivery, placing patient lives in danger. We must remain vigilant and harden our cyber defenses, as there is no doubt that cyber criminals will continue to target the field, especially during the holiday season.”

Government and Critical Infrastructure at Risk from Citrix Bleed

Citrix Bleed is a software vulnerability being increasingly connected to cyberattacks, and it now appears to be putting government and critical infrastructure at risk. According to CISA, the vulnerability affects Citrix NetScaler ADC and NetScaler Gateway. The affected products contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.  Exploitation of this vulnerability could allow for the disclosure of sensitive information, including session authentication token information that may allow a threat actor to “hijack” a user’s session.

The vulnerability has been mentioned frequently in recent reports concerning critical industries. DoublePulsar’s report suggests that this weakness could be responsible for the recent cyberattack that caused significant disruptions to numerous credit unions. Additionally, ransomware actors took advantage of this vulnerability during an attack on aviation giant, Boeing.

Shield Sensitive Healthcare Data with SentryBay

“SentryBay’s unique enforcement mechanism, part of the Armored Client, authenticates devices before a user attempts entry using the normal authentication methods – which thwarts attackers harnessing the Citrix Bleed vulnerability,” said Tim Royston-Webb, CEO, SentryBay. “It also easily ensures that all personnel, even BYO and third-party contractors on unmanaged devices, can securely access corporate assets.”

“As confirmed by the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HHS-HC3), several ransomware groups including LockBit, are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler application delivery control (ADC) and Gateway appliances to obtain initial access to target environments within the healthcare sector,” said Jeremy Greenwood, Enterprise Global Sales Lead, SentryBay. “SentryBay’s patented enforcement mechanism mitigates against token hijacking, nullifying Citrix Netscaler Bleed vulnerabilities. This ensures that sensitive patient data and healthcare operations remain secure, even in the face of sophisticated cyber threats. SentryBay is ready to deliver protection to any organisations that need to shield sensitive data accessed via NetScaler.”

Citrix Netscaler Bleed vulnerabilities

Latest Posts

Follow Us On