Thousands of Citrix servers are still vulnerable to hackers nearly two weeks after HC3 issued a healthcare sector alert recommending patches to Citrix software. The flaws are contained in two products: a networking appliance used to assure the availability of clinical applications and a virtual private network, known as Citrix Gateway and Citrix ADC. Both are being actively exploited by sophisticated Chinese state-sponsored hacker groups.
This report is especially troubling for healthcare because Citrix ADC and Citrix Gateway are popular technologies used by many healthcare sector organizations.
Listen to Your Software Vendor and Follow their Advice
Citrix has notified its customers about the problem with instructions about how to repair it. The instructions are also repeated in the December 16, 2022 HC3 Alert:
“These vulnerabilities are known to be actively exploited by a Chinese state-sponsored advanced persistent threat known as APT5, and also UNC2630 and MANGANESE. Separately, the US Department of Health and Human Services is aware of U.S. healthcare organizations that have already been compromised by the exploitation of the vulnerability described in this report, although in each case the specific attacker has not yet been identified.”
Citrix’ own advisory is here.
For any organization that detects compromise of these vulnerabilities, the following actions are recommended by the National Security Agency:
- Move all Citrix ADC instances behind a VPN or other capability that requires valid user authentication (ideally multi-factor) prior to being able to access the ADC.
- Isolate the Citrix ADC appliances from the environment to ensure any malicious activity is contained.
- Restore the Citrix ADC to a known good state
Follow the HIPAA Security Rule
Ongoing HIPAA risk management grounded in an annual risk analysis, is the best preparation to reduce the risks of cyber attacks.
The HIPAA Security Rule requires every covered entity and business associate to have Administrative, Physical and Technical Safeguards in place to reduce risks. Use your Security Rule Checklist, review your policies, and make sure you update and patch all software in your network. You can’t prevent every attack, but you can reduce the likelihood and lessen the impacts by strengthening your cybersecurity protections today.