CVE-2024-6546 One Click Close Comments <= 2.7.1 - Unauthenticated Full Pat
CVE-2024-6661 ParityPress <= 1.0.0 - Authenticated (Administrator+) Stored
CVE-2024-6634 Master Currency WP <= 1.1.61 - Authenticated (Contributor+)
CVE-2024-6566 Aramex Shipping WooCommerce <= 1.1.21 - Unauthenticated Full
CVE-2024-6549 Admin Post Navigation <= 2.1 - Unauthenticated Full Path Dis
CVE-2024-6545 Admin Trim Interface <= 3.5.1 - Unauthenticated Full Path Di
CVE-2024-6573 Intelligence <= 1.4.0 - Unauthenticated Full Path Disclosure
CVE-2024-6591 Ultimate WordPress Auction Plugin <= 4.2.6 - Missing Authori
CVE-2024-6431 Media.net Ads Manager <= 2.10.13 - Missing Authorization to
CVE-2024-6548 Add Admin JavaScript <= 2.0 - Unauthenticated Full Path Disl
News

Citrix Portal With No Multi-Factor Authentication Led To UnitedHealth Cyber Attack

Giulio Saggin
Giulio Saggin
Tuesday 30 April 2024
Citrix Portal With No Multi-Factor Authentication Led To UnitedHealth Cyber Attack
Supplied

UnitedHealth subsidiary Change Healthcare was hacked via a Citrix portal that did not have multi-factor authentication.

This revelation will be announced by UnitedHealth CEO Andrew Witty in testimony before the House Energy and Commerce Committee on May 1.

Once the Change Healthcare portal was breached, the criminals remotely accessed desktops nine days after the February 12 hack.

"On the morning of February 21, a cybercriminal calling themselves ALPHV or BlackCat deployed a ransomware attack inside Change Healthcare’s information technology environments, encrypting Change’s systems so we could not access them," said Witty in his testimony, which was posted on the committee's website.

Witty describes the cyberattack as unprecedented and causing disruption across the health care system: "From pharmacists having to manually submit claims to the rural family medicine practice struggling to make payroll – the impacts of an attack by organized criminals, no matter how temporary, (are) real."

UnitedHealth responded immediately to the attack and within hours of the ransomware being launched had contacted the FBI. At the same time, experts from Google, Microsoft, Cisco, Amazon, Mandiant, Palo Alto Networks and others were making their way to Change Healthcare's Central Command Operations Centre in Nashville. Once there, they began the process of rebuilding the company's technology infrastructure, working around-the-clock.

UnitedHealth also severed all connectivity with Change Healthcare’s data centres to prevent the chance of further infection.

"While shutting down many Change environments was extremely disruptive, it was the right thing to do," states Witty. "We secured the perimeter of the attack and prevented malware from spreading beyond Change to the broader health system."

These actions appear to have worked and there has been no evidence of infection beyond Change Healthcare and into the wider UnitedHealth Group of companies.

At the end of the day, Witty made the decision to pay the (undisclosed) ransom: "As CEO, the decision to pay ... was one of the hardest I’ve ever had to make. I wouldn’t wish it on anyone."

(Read Andrew Witty's testimony)

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Top Stories

Features

What is PCI DSS Requirement 6.1?

What is PCI DSS Requirement 6.1?

There are 12 PCI DSS Requirements that need to be met to attain PCI compliance. One of those, Requirement 6, ensures that an entity has its software protected by up-to-date "vendor-provided security patches".

What is PCI DSS Requirement 6?

What is PCI DSS Requirement 6?

The official explanation of PCI DSS Requirement 6 is summed up as "Develop and maintain secure systems and applications". In other words, an entity attaining PCI compliance needs to have its software protected by up-to-date "vendor-provided security patches".

What is an Approved Scanning Vendor (ASV)?

What is an Approved Scanning Vendor (ASV)?

Discover the Complexities Behind PCI Compliance: Unraveling the Critical Role of External Scans, Internal Vulnerability Checks, and the Cruciality of Requirement 6.1 in Cybersecurity. Explore how ASVs and Services like SecAlerts Play Key Roles in This Compliance Puzzle!

What is a zero-day?

What is a zero-day?

A zero-day refers to a vulnerability in software or hardware that is unknown to the vendor or the public. It's called "zero-day" because once it's discovered, attackers can exploit it immediately, leaving zero days for the vendor to fix it.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203