ICYMI: HHS Issues Important Cybersecurity Notice for Health Care Operators

The Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center has released a notice strongly encouraging health care organizations to upgrade their devices due to a vulnerability. Known as “Citrix Bleed,” this vulnerability has been ongoing since August 2023 and could allow hackers to access private health care information by bypassing passwords and multifactor authentication. 

Those systems vulnerable to Citrix Bleed include NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Versions include:

  • NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50
  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19
  • NetScaler ADC and NetScaler Gateway version 12.1 (EOL)
  • NetScaler ADC 13.1FIPS before 13.1-37.163
  • NetScaler ADC 12.1-FIPS before 12.1-55.300
  • NetScaler ADC 12.1-NDcPP before 12.1-55.300

Citrix released a patch for this vulnerability in early October, but these compromised sessions will still be active after a patch has been implemented. Administrators should follow Citrix’s guidance to upgrade their devices and remove any active or persistent sessions with the following commands:

  • kill aaa session -all
  • kill icaconnection -all
  • kill rdp connection -all
  • kill pcoipConnection -all
  • clear lb persistentSessions

Additional recommended actions for investigating any potential Citrix Bleed exploits have been provided by NetScaler. Further technical details, threat activity, and indicators of compromise can be obtained here and here . Users and administrators are strongly encouraged to review these recommended actions and upgrade devices to prevent serious damage.

As a reminder, everyone must remain vigilant – DO NOT click on suspicious emails, especially over the holidays. AHCA/NCAL will provide additional updates as available.

Click HERE to View the Security Notice.

WHCA/WICAL partners with Think Anew, who are experts in the world of data and cyber security. As detailed in the information provided by AHCA/NCAL earlier this week and referend to above, the discovery of the ‘Citrix Bleed’ vulnerability highlights the urgent need for stronger cybersecurity in long term care settings. As protecting sensitive data becomes increasingly critical, Think Anew encourages providers to update their security measures according to the latest guidelines from HHS. Please review the information below provided by Think Anew. Think Anew also shared a helpful infographic on how to easily identify a phishing email, which we encourage you distribute to your staff and display at your facility. If you have any questions pertaining to cybersecurity measures or wish to ask an expert at Think Anew, please contact them at:

Stacey Yoakum, President and COO
syoakum@thinkanew.com | 888.871.4266

Will Galloway, Chief Technology Officer
wgalloway@thinkanew.com | 601.898.5824

Click HERE to Review Think Anew’s Citrix Guidance!