Hacking Change Healthcare: the cause of a large-scale failure in the work of US medical institutions was discovered

A good example of how a single software vulnerability paralyzed American medicine.

In February, a high-profile cyber attack on Change Healthcare caused serious disruptions in the work of US medical institutions, and now it has become known how hackers gained access to the systems.

According to Andrew Whitty, CEO of UnitedHealth Group (the parent company of Change Healthcare), the attack was made possible by an unpatched vulnerability known as Citrix Bleed (CVE-2023-4966, CVSS score 7.5) in Citrix software. The details were disclosed in testimony prepared for a hearing of the Subcommittee on Oversight and Investigations scheduled for May 1.

The attack, which occurred on February 12, paralyzed the accounting and payment systems of UnitedHealth Group, affecting hospitals, insurers and pharmacies and halting their work for almost a month. Responsibility for the attack was claimed by the ALPHV/BlackCat group, which has since ceased operations following an FBI takedown.

The vulnerability had also been actively exploited by another group, LockBit, since July 2023. Citrix released the fix in October, but by then many companies, including Boeing and ICBC, had already been hit.

The head of UnitedHealth Group states that, as a result of the attack, remote-access credentials for the Change Healthcare portal were compromised. After detecting the attack, the company immediately cut off connectivity to its data centers to prevent the malware from spreading further.

Andrew Whitty noted that the company fended off more than 450,000 intrusion attempts in the past year alone. At the congressional hearing, Whitty plans to describe the measures the company is taking against cyber threats, including cooperation with the FBI and leading information security firms.

As a result of the attack, UHG has paid out more than $6.8 billion in advance payments and interest-free loans to affected medical institutions. The Change Healthcare division handles the records of one in three patients in the United States, processing about 15 billion transactions a year.

The cyberattack also triggered an investigation by the US Department of Health into possible violations of medical data protection rules, which could lead to fines or lawsuits against UnitedHealth Group.

Change Healthcare is still feeling the effects of the incident. The situation is further complicated by the fact that the ALPHV ransomware group deceived the company, disappearing shortly after receiving the ransom. According to rumors, the affiliates who carried out the attack never received their share of the proceeds, which is why they began cooperating with the RansomHub group and continue to extort Change Healthcare using the same stolen data.