Sophisticated cybercriminals are using advanced social engineering tactics against hospital IT help desks, placing voice calls that pose a serious threat to the healthcare industry. The Health Sector Cybersecurity Coordination Center (HC3) has issued an alert highlighting the growing trend of threat actors impersonating hospital employees to gain unauthorized access to sensitive information and systems. The attackers exploit local phone calls and identity verification, and use MFA manipulation and payment diversion tactics, so defenders need both strategic mitigations and technical measures to strengthen their security.
To counter these evolving threats, hospitals are advised to enforce callback verification, in-person verification, and supervisor confirmation policies, alongside user education programs that raise staff awareness of social engineering attempts. Technical recommendations for Microsoft environments include enforcing specific authentication methods and conditional access policies. Healthcare organizations should remain proactive and vigilant, emphasizing robust training, stringent verification processes, and advanced security technologies to guard against increasingly sophisticated attacks on IT help desks.