Blog
HHS Issues Cyber Security Alert
- By: Maureen Carland
- On: 12/06/2023 14:13:08
- In: Quality/Regulatory
This advisory highlights a pressing concern related to a security vulnerability known as "Citrix Bleed," which poses a significant risk to the confidentiality of healthcare data. Citrix Bleed has been active since August 2023 and potentially enables malicious actors to gain unauthorized access to sensitive healthcare information by circumventing password and multifactor authentication protocols.
The systems at risk of Citrix Bleed compromise include NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). The affected versions are as follows:
- NetScaler ADC and NetScaler Gateway 14.1 versions before 14.1-8.50
- NetScaler ADC and NetScaler Gateway 13.1 versions before 13.1-49.15
- NetScaler ADC and NetScaler Gateway 13.0 versions before 13.0-92.19
- NetScaler ADC and NetScaler Gateway version 12.1 (End of Life)
- NetScaler ADC 13.1FIPS versions before 13.1-37.163
- NetScaler ADC 12.1-FIPS versions before 12.1-55.300
- NetScaler ADC 12.1-NDcPP versions before 12.1-55.300
- kill aaa session -all
- kill icaconnection -all
- kill rdp connection -all
- kill pcoipConnection -all
- clear lb persistentSessions
As a reminder, it is imperative for everyone to remain vigilant, especially during the holiday season, and refrain from clicking on suspicious emails.
Staff contact: mcarland@mehca.org