More than a hundred healthcare institutions in the Netherlands use software from the American company Citrix that contains a serious security vulnerability. Z-CERT, a center of expertise in the field of cyber security in healthcare, reported this on Thursday. These healthcare institutions are therefore vulnerable to hackers.
With Citrix software, companies can set up 'virtual desktops' that can be used from the cloud or a network. Among other things, this allows employees of a company that uses the software to log on to the company's servers from home.
The Citrix vulnerability allows malicious parties to execute code on the system remotely. This lets them take over the entire system, the software company warns, which can result in companies becoming victims of data leaks or ransomware.
It was announced on Sunday that at least 713 servers in the Netherlands are at risk. The National Cyber Security Center (NCSC) warned on Monday that the vulnerability is being actively exploited. Z-CERT has therefore approached all vulnerable healthcare organizations and advised them to "take measures with the greatest possible urgency if they have not yet been taken".
"Whoever took action after Saturday has probably already been attacked"
But taking these measures does not mean that organizations are safe. "We see a worldwide trend in which organizations are massively attacked by hackers," Christiaan Piek, director at Z-CERT, tells NU.nl. "There is a good chance that the care organizations that have taken measures after Saturday against the vulnerability have already been attacked by hackers." It is not known how many healthcare organizations are currently vulnerable.
On Tuesday evening, hackers tried to break into the computer systems of the Medical Center Leeuwarden (MCL) and the municipality of Zutphen. The Citrix vulnerability was probably used for this. It seems that the hackers did not get access to the internal network of the MCL, but further investigation must show whether that is correct.
Piek advises all healthcare organizations that use Citrix software to carry out the same search for traces on their network, to see whether malicious parties have broken into the system in recent days and whether they have left malicious software behind.
Citrix expects to offer an update at the end of January
The vulnerability in the Citrix system has been known since December 2019, but the software company has not yet released an update that addresses the vulnerability. Citrix expects to be able to offer an update on January 20 at the earliest that removes the vulnerability. For certain versions of the firmware (software programmed in hardware), an update may take a few days longer.
A scan by the Dutch Security Reporting Point on Thursday morning revealed that another 250 Dutch servers are vulnerable to the leak. "You can assume that these servers have since been hit by hackers," says Frank Breedijk, cyber security expert at the Dutch Security Reporting Center.