FBI Warns of Cyberattacks Targeting Healthcare Payment Processors

The FBI has observed an increase in attacks targeting healthcare payment processors in an effort to divert significant amounts of money to accounts controlled by the attacker.

As part of such attacks, threat actors rely on publicly available personally identifiable information (PII) and social engineering to impersonate victims and access payment information, healthcare portals, and more.

“Recent reporting indicates cyber criminals will continue targeting healthcare payment processors through a variety of techniques, such as phishing campaigns and social engineering, to spoof support centers and obtain user access,” the FBI warns.

According to the agency, cybercriminals are compromising credentials of healthcare payment processors and using them to divert payments to bank accounts they control.

In one incident in February 2022, attackers redirected $3.1 million from a victim’s payments after using compromised credentials to change direct deposit banking information to an account they controlled.

The same month, the same method was used in another attack to steal approximately $700,000.

In April 2022, a threat actor posing as an employee of a healthcare company that has over 175 medical providers changed Automated Clearing House (ACH) instructions at a payment processing vendor, which resulted in roughly $840,000 being diverted to the cybercriminal.

According to the FBI, between June 2018 and January 2019, at least 65 healthcare payment processors in the US were targeted by cybercriminals who replaced customer banking and contact information with the details of accounts controlled by the attackers. One of the victims reported a loss of $1.5 million.

“The cybercriminals used a combination of publicly available PII and phishing schemes to gain access to customer accounts. Entities involved in processing and distributing healthcare payments through processors remain vulnerable to exploitation via this method,” the FBI notes.

Organizations should be suspicious of phishing emails targeting healthcare payment processors, social engineering attempts to gain access to payment portals and internal files, sudden changes to email exchange server configurations, requests for changing passwords and 2FA phone numbers, and failed password recovery attempts locking employees out of payment processor accounts.

The FBI recommends that organizations use security software that is well maintained, conduct regular network security assessments, train employees to identify phishing, use multi-factor authentication for all accounts, implement an incident response plan, patch vulnerabilities in third-party solutions, and implement mandatory passphrase changes for potentially compromised accounts.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
