Change Healthcare hacked using stolen Citrix account with no MFA
BleepingComputer
Contributed by: Drex DeFord
Summary
UnitedHealth has disclosed that its subsidiary, Change Healthcare, fell victim to a BlackCat ransomware attack after attackers used stolen credentials to access the company's Citrix remote access service, which lacked multi-factor authentication. The breach, which occurred in late February 2024, led to significant operational disruptions, affecting vital services such as payment processing and insurance claims, with financial damages estimated at $872 million. UnitedHealth later admitted to paying a ransom in an effort to protect compromised data, although the details of the attack have not been fully disclosed. The organization has undertaken extensive remediation efforts, including system upgrades and network rebuilds, aimed at restoring affected services and enhancing security measures. Additionally, an update mentions that stolen Change Healthcare employee Citrix credentials were detected on February 8 by Hudson Rock's threat intelligence platform, though it is unclear whether these credentials were directly linked to the ransomware attack.