The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center is patching and updating network systems to protect hospitals and other critical infrastructure from the Citrix Bleed vulnerability, a serious ransomware threat. We urge you to take immediate steps to strengthen your policy. This vulnerability is exploited by ransomware groups such as LockBit 3.0 because it allows cyber threat actors to bypass password requirements and multi-factor authentication measures.
“This urgent alert from HC3 demonstrates the seriousness of the Citrix Bleed vulnerability and the urgent need to deploy existing Citrix patches and upgrades to protect systems,” said AHA Cybersecurity and Risk Nation. said advisor John Riggi. “This situation illustrates the aggressiveness with which foreign ransomware criminal organizations, primarily Russian-speaking, continue to target hospitals and healthcare systems. Ransomware attacks disrupt and delay healthcare delivery and reduce patient It puts lives at risk. There is no doubt that cybercriminals will continue to target this sector, especially during the holiday season, so we must remain vigilant and strengthen our cyber defenses.”
For more information about this or other cyber and risk issues, please contact Riggi at jriggi@aha.org. For the latest cyber and risk threat information and resources, visit www.aha.org/cybersecurity.