HHS Warns Healthcare Sector of ‘Citrix Bleed’ Vulnerability Exploitation

The U.S. Department of Health and Human Services (HHS) is cautioning healthcare facilities nationwide about the exploitation of the “Citrix Bleed” vulnerability, urging immediate patching to thwart ransomware gangs’ attacks targeting hospitals and healthcare providers.

The vulnerability, CVE-2023-4966, affects Citrix’s NetScaler ADC and NetScaler Gateway appliances utilized for network traffic management. Notably, this flaw has been leveraged in cyber assaults on companies like Toyota and Boeing, prompting extensive warnings from cybersecurity experts and defense agencies globally.

HC3, the Health Sector Cybersecurity Coordination Center, emphasized the ongoing exploitation of Citrix Bleed, which was initially identified as a zero-day vulnerability in August 2023 and subsequently patched by Citrix in October. Alarmingly, compromised sessions persist after the patch is applied, heightening the urgency for remediation.

HHS’s advisory directs healthcare entities to comprehensive guides from CISA and NetScaler, which provide vital instructions on safeguarding their systems against potential attacks.

Recently, Boeing disclosed its encounter with the LockBit ransomware gang via Citrix Bleed, collaborating with the FBI and CISA to detail the incident, aiming to fortify defenses across industries.

Though not explicitly linked to Citrix Bleed, major hospital networks in New Jersey and Pennsylvania, along with Ardent Health Services, faced crippling ransomware incidents this week, causing service disruptions, appointment cancellations, and critical delays in patient care.

HC3’s urgent warning underscores the severity of Citrix Bleed and the pressing need for immediate patch deployment to fortify healthcare systems against aggressive ransomware groups, primarily targeting hospitals. John Riggi from the American Hospital Association stressed the significance of bolstering cyber defenses to safeguard patient care amidst escalating cyber threats, particularly during the holiday season.
