HHS Issues Cyber Security Alert

The Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center has issued a crucial cybersecurity advisory directed at healthcare operators.
This advisory highlights a pressing concern related to a security vulnerability known as "Citrix Bleed," which poses a significant risk to the confidentiality of healthcare data. Citrix Bleed has been active since August 2023 and potentially enables malicious actors to gain unauthorized access to sensitive healthcare information by circumventing password and multifactor authentication protocols.
The systems at risk of Citrix Bleed compromise include NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). The affected versions are as follows:
  • NetScaler ADC and NetScaler Gateway 14.1 versions before 14.1-8.50
  • NetScaler ADC and NetScaler Gateway 13.1 versions before 13.1-49.15
  • NetScaler ADC and NetScaler Gateway 13.0 versions before 13.0-92.19
  • NetScaler ADC and NetScaler Gateway version 12.1 (End of Life)
  • NetScaler ADC 13.1-FIPS versions before 13.1-37.163
  • NetScaler ADC 12.1-FIPS versions before 12.1-55.300
  • NetScaler ADC 12.1-NDcPP versions before 12.1-55.300
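
As an added example (not part of the HHS or Citrix advisory), the following Python sketch checks an inventory of NetScaler builds against the list above. It assumes builds are written in the same release-build notation the list uses (for example 13.1-49.13); the hostnames, sample builds and function names are constructed for illustration.

```python
import re

# Fixed builds per release train, taken from the affected-versions list above.
# Key: (release, edition); edition is "" for standard builds.
FIXED = {
    ("14.1", ""): (8, 50),
    ("13.1", ""): (49, 15),
    ("13.0", ""): (92, 19),
    ("13.1", "FIPS"): (37, 163),
    ("12.1", "FIPS"): (55, 300),
    ("12.1", "NDCPP"): (55, 300),
}
EOL = {("12.1", "")}  # listed as End of Life: the list gives no fixed build

_BUILD = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")

def classify(build: str, edition: str = "") -> str:
    """Return 'affected', 'fixed', 'eol' or 'unknown' for a build like '13.1-49.13'."""
    m = _BUILD.match(build.strip())
    if not m:
        return "unknown"
    key = (m.group(1), edition.upper().lstrip("-"))
    if key in EOL:
        return "eol"
    if key not in FIXED:
        return "unknown"
    # Compare numerically: as strings, "8.50" would sort after "12.35".
    found = (int(m.group(2)), int(m.group(3)))
    return "affected" if found < FIXED[key] else "fixed"

# Constructed inventory for illustration (hostnames and builds are made up).
INVENTORY = [
    ("gw-east", "13.1-49.13", ""),
    ("gw-west", "14.1-12.35", ""),
    ("adc-fips", "12.1-55.297", "FIPS"),
    ("adc-old", "12.1-65.25", ""),
]

def report(inventory=INVENTORY):
    """Map each host to its classification."""
    return {host: classify(build, ed) for host, build, ed in inventory}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

A "fixed" result only means the build is at or above the listed version; it does not show that the device was never exposed while running an earlier build.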
Citrix released a patch to address this vulnerability in early October. However, it is essential to note that compromised sessions may persist even after applying the patch. Therefore, administrators are strongly advised to adhere to Citrix's guidance, which includes upgrading their devices and terminating any active or persistent sessions using the following commands:
  • kill aaa session -all
  • kill icaconnection -all
  • kill rdp connection -all
  • kill pcoipConnection -all
  • clear lb persistentSessions
NetScaler has also offered additional recommended actions for investigating potential Citrix Bleed exploits. Detailed technical information, insights into threat activities, and indicators of compromise can be accessed via provided resources, which are available here and here. Users and administrators are urged to thoroughly review these recommended actions and promptly upgrade their devices to mitigate the risk of significant harm.
 
As a reminder, it is imperative for everyone to remain vigilant, especially during the holiday season, and refrain from clicking on suspicious emails.
 
Staff contact: mcarland@mehca.org