Security News > 2024 > April > Change Healthcare hacked using stolen Citrix account with no MFA
The ransomware attack on Change Healthcare occurred in late February 2024, leading to severe operational disruptions on Optum's Change Healthcare platform.
The healthcare org recently admitted that it paid a ransom to protect people's data post-compromise, but no details about the attack or who carried it out were officially disclosed.
The investigations, which are still ongoing, revealed that the attackers first gained access to Change Healthcare's Citrix portal on February 12, 2024, using stolen employee credentials.
"On February 12, criminals used compromised credentials to remotely access a Change Healthcare Citrix portal, an application used to enable remote access to desktops," explained Witty.
Ransomware gang starts leaking alleged stolen Change Healthcare data.
US govt probes if ransomware gang stole Change Healthcare data.