Hospitals and other healthcare organizations across the U.S. have been warned by the Department of Health and Human Services Health Sector Cybersecurity Coordination Center regarding ongoing attacks by cybercriminals and state-backed threat operations leveraging the critical Citrix Bleed vulnerability, tracked as CVE-2023-4966, according to The Record, a news site by cybersecurity firm Recorded Future.
"Citrix released a patch for this vulnerability in early October, but it has been reported that the vulnerability was being exploited as a zero-day since August 2023. The manufacturer has also warned that these compromised sessions will still be active after a patch has been implemented," said the HC3 in an advisory that also recommended immediate software upgrades. Such an advisory, which follows the release of more details regarding the Boeing hack through Citrix Bleed, highlights the severity of the vulnerability, noted American Hospital Association National Advisor for Cybersecurity and Risk John Riggi. "We must remain vigilant and harden our cyber defenses, as there is no doubt that cyber criminals will continue to target the field, especially during the holiday season," Riggi added.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news