Subscriber Alert: Citrix Vulnerabilities, the COVID-19 Social Engineering Attack, and an Update on the LifeLabs Breach
This Subscriber Alert is intended for healthcare organizations and professionals to raise awareness of cyber threats that may impact information security and privacy. Please feel free to circulate the alert to those who are overseeing related functions.
According to alerts highlighted by the Canadian Centre for Cyber Security (CCCS), cybercriminals have been “observed uploading malware to vulnerable Citrix servers which adds an additional backdoor while preventing other actors from exploiting the vulnerability.” HIROC is aware that CCCS has been issuing notifications to healthcare organizations that may have been compromised. If your organization suspects it has been compromised, please contact us at email@example.com. For additional resources on Citrix vulnerabilities and mitigation strategies, please see Cyber Resources below.
COVID-19 Social Engineering Attack
Canadian media outlets and privacy and security enthusiasts have reported a new phishing attack that takes advantage of the COVID-19 outbreak to deliver malware. These attacks are delivered through email messages with titles such as “Confidential Cure Solution on Corona Virus” and have been reported to deliver malware such as Emotet and AZORult, which can steal personal and financial information. Phishing campaigns, also referred to as social engineering attacks, are not new to healthcare organizations and professionals. Criminals use the latest news headlines and social trends in email messages to trick employees into taking action, such as clicking on a malicious link or opening a malicious attachment. Healthcare organizations and professionals are urged to provide social engineering attack awareness training to staff, students, volunteers, independent health practitioners, etc. Organizations are also encouraged to employ appropriate technical controls to protect against such attacks. Please see below for several key resources on prevention and mitigation strategies. For more information on this threat, please see Cyber Resources below.
LifeLabs Breach Update
HIROC has been receiving queries from our Subscribers about the recent LifeLabs breach and notification requirements for patients. If you would like to speak to counsel about your obligations with respect to this breach, please reach out to us at firstname.lastname@example.org.
Here are some additional resources that may be helpful to you and your team:
- Detecting Compromise relating to Citrix CVE-2019-19781, Canadian Centre for Cyber Security, 04 February 2020, https://cyber.gc.ca/en/alerts/detecting-compromises-relating-citrix-cve-2019-19781-0
- Active Exploitation of Citrix Vulnerabilities, Canadian Centre for Cyber Security, 17 January 2020, https://cyber.gc.ca/en/alerts/active-exploitation-citrix-vulnerabilities
- Mitigation Steps for CVE-2019-19781, Citrix, December 2019, https://support.citrix.com/article/CTX267679
- Attackers Expand Coronavirus-Themed Attacks and Prey on Conspiracy Theories, Proofpoint, 13 February 2020, https://www.proofpoint.com/us/corporate-blog/post/attackers-expand-coronavirus-themed-attacks-and-prey-conspiracy-theories
- Key Measures for Preventing and Mitigating Cyber Attacks and Ransomware, HIROC, June 2018, https://www.hiroc.com/system/files/resource/files/2018-10/Key-Measures-for-Preventing-and-Mitigating-Cyber-Attacks-June-2018.pdf
- Cyber Risk Management – A Guide for Healthcare Administrators and Risk Managers, HIROC, 2017, https://www.hiroc.com/system/files/resource/files/2018-10/Cyber-Guide.pdf
If you have any questions about cyber or information security threats, please contact Kopiha Nathan, HIROC’s Privacy and Compliance Officer, at email@example.com.