Federal authorities have issued a warning about rising phishing and social engineering scams targeting the healthcare sector. These attacks often focus on IT help desk workers, who are manipulated into revealing login credentials that allow cybercriminals to access sensitive IT systems. Once inside, the attackers can divert automated clearinghouse payments to bank accounts they control, resulting in significant financial losses for healthcare organizations.
The FBI and the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center reported that these scams frequently involve attackers posing as employees to gain initial access. They use social engineering tactics to trick IT help desks into resetting passwords or bypassing multifactor authentication. In some cases, the attackers register phishing domains nearly identical to legitimate ones, targeting key personnel like chief financial officers.
The malicious actors leverage the stolen credentials to carry out fraudulent transactions, including altering payment instructions to divert funds from patient accounts to accounts under their control. Some attackers also attempt to upload malware to victim systems, though such efforts are often unsuccessful. The ongoing nature of these schemes highlights the need for robust security practices and vigilance within healthcare organizations.
To counter these threats, experts recommend implementing multifactor authentication, conducting regular social engineering tests of help desk functions, and requiring additional validation for changes to payment instructions. Organizations should also enhance their authentication processes, such as using voice recognition technology or supervisor validation, to better protect against these sophisticated phishing attacks.
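One concrete defensive control that follows from the lookalike-domain tactic described above and from the recommended validation practices is a sender-domain check that flags inbound mail from domains closely resembling the organisation's own. The following Python script is an added example written for this page, not code from the FBI/HC3 advisory or from any particular product; the legitimate domains, the homoglyph table and the sample sender list are all constructed for illustration, and a real deployment would use a public-suffix list rather than the simple `rpartition` split used here.

```python
"""
Lookalike-domain check for inbound sender domains (added example).

Flags sender domains that resemble an organisation's legitimate domains
through homoglyph substitution, a swapped TLD, a small edit distance, or
the legitimate name embedded in a longer name. Intended as the kind of
rule a mail gateway or SOC enrichment step could run before a message
reaches help desk or finance staff.
"""

from typing import Dict, List, Optional, Tuple

# Constructed: the domains this hypothetical healthcare organisation actually owns.
LEGIT_DOMAINS = ["examplehealth.org", "examplehealth-billing.com"]

# Single characters commonly substituted for letters they resemble (constructed table).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})


def normalize(label: str) -> str:
    """Fold single- and multi-character look-alikes back to the letters they imitate."""
    s = label.lower().translate(HOMOGLYPHS)
    return s.replace("rn", "m").replace("vv", "w").replace("cl", "d")


def levenshtein(a: str, b: str) -> int:
    """Standard edit distance (insert / delete / substitute), single-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_domain(domain: str) -> Tuple[str, str]:
    """Split 'name.tld' into name and TLD (public-suffix handling deliberately omitted)."""
    name, _, tld = domain.lower().rpartition(".")
    return name, tld


def classify(sender_domain: str, legit_domains: List[str] = LEGIT_DOMAINS) -> Dict[str, Optional[str]]:
    """Return a verdict for one sender domain: 'legit', 'lookalike' or 'unrelated'."""
    sender_domain = sender_domain.lower()
    if sender_domain in legit_domains:
        return {"verdict": "legit", "matches": sender_domain, "reason": "exact match"}

    s_name, s_tld = split_domain(sender_domain)
    s_norm = normalize(s_name)
    best: Optional[Tuple[int, str, str]] = None  # (rank, legit domain, reason); lower rank = stronger signal

    for legit in legit_domains:
        l_name, l_tld = split_domain(legit)
        l_norm = normalize(l_name)
        if s_norm == l_norm:
            reason = "homoglyph substitution" if s_tld == l_tld else "same name, different TLD"
            rank = 0
        elif levenshtein(s_norm, l_norm) <= 2:
            reason, rank = "edit distance <= 2", 1
        elif l_norm in s_norm:
            reason, rank = "legitimate name embedded in longer name", 2
        else:
            continue
        if best is None or rank < best[0]:
            best = (rank, legit, reason)

    if best is None:
        return {"verdict": "unrelated", "matches": None, "reason": "no resemblance"}
    return {"verdict": "lookalike", "matches": best[1], "reason": best[2]}


def scan(sender_domains: List[str]) -> Dict[str, str]:
    """Classify a batch of sender domains, e.g. extracted from a day's inbound mail headers."""
    return {d: classify(d)["verdict"] for d in sender_domains}


if __name__ == "__main__":
    # Constructed sample of sender domains seen on inbound mail.
    SAMPLE_SENDERS = [
        "examplehealth.org",            # genuine
        "examp1ehealth.org",            # digit 1 for letter l
        "exarnplehealth.org",           # 'rn' for 'm'
        "examplehealth.com",            # TLD swap
        "exampelhealth.org",            # transposition
        "examplehealth-paymentportal.net",
        "healthcareprovider.net",       # unrelated
    ]
    for domain, verdict in scan(SAMPLE_SENDERS).items():
        print(f"{domain:35} {verdict:10} {classify(domain)['reason']}")
```

The thresholds (edit distance of 2, the specific homoglyph folds) are tuning choices, not standards; a lookalike verdict should route the message to a quarantine or an out-of-band verification step, which is where the supervisor validation and call-back checks recommended above fit.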