A cybersecurity threat ominously titled the “Citrix bleed” requires immediate attention from healthcare organizations, federal agencies warned Friday.
The issue is a vulnerability in network systems that could allow hackers to access private healthcare information by bypassing passwords and multifactor authentication, the Department of Health and Human Services said.
The cloud computing company Citrix first warned users of the “bleed” threat in October and since then, reports showed that hackers were exploiting the software since August, according to HHS.
Two security systems, NetScaler ADC and Netscaler Gateway 12.1, are now considered “end-of-life,” the HHS warning stated. It recommended that they be replaced immediately.
The threat is exacerbated by the fact that Citrix boasts that all of the top 10 largest healthcare organizations in the United States use its IT solutions.
The warning from HHS requires those using the software to deploy Citrix patches and upgrade security systems, said John Riggi, cybersecurity risk advisor for the American Hospital Association.
“This situation demonstrates the aggressiveness by which foreign ransomware gangs continue to target hospitals and health systems,” Riggi said in a statement. “Ransomware attacks disrupt and delay healthcare delivery, placing patient lives in danger. We must remain vigilant and harden our cyber defenses, as there is no doubt that cyber criminals will continue to target the field, especially during the holiday season.”
New software technology has not yet abated cybersecurity threats. In fact, new artificial intelligence tools have allowed for sophisticated cyber scams that mimic voices or government agents, which prompted a recent Senate hearing on the threat.
In addition to any harm caused by leaking sensitive information, data breaches also could also cost healthcare providers via expensive lawsuits, such as a class-action case levied against PharMerica, which provides services to long-term care operators, earlier this year.
