FBI Warns of Cyberattacks Targeting Healthcare Payment Processors

The FBI has observed an increase in attacks targeting healthcare payment processors in an effort to divert significant amounts of money to accounts controlled by the attacker.

As part of such attacks, threat actors rely on publicly available personally identifiable information (PII) and social engineering to impersonate victims and access payment information, healthcare portals, and more.

“Recent reporting indicates cyber criminals will continue targeting healthcare payment processors through a variety of techniques, such as phishing campaigns and social engineering, to spoof support centers and obtain user access,” the FBI warns.

According to the agency, cybercriminals are compromising credentials of healthcare payment processors and using them to divert payments to bank accounts they control.

In one incident in February 2022, attackers redirected $3.1 million from a victim’s payments after using compromised credentials to change direct deposit banking information to an account they controlled.

The same month, the same method was used in another attack to steal approximately $700,000.

In April 2022, a threat actor posing as an employee of a healthcare company that has over 175 medical providers changed Automated Clearing House (ACH) instructions at a payment processing vendor, which resulted in roughly $840,000 being diverted to the cybercriminal.

According to the FBI, between June 2018 and January 2019, at least 65 healthcare payment processors in the US were targeted by cybercriminals who replaced customer banking and contact information with the details of accounts controlled by the attackers. One of the victims reported a loss of $1.5 million.

“The cybercriminals used a combination of publicly available PII and phishing schemes to gain access to customer accounts. Entities involved in processing and distributing healthcare payments through processors remain vulnerable to exploitation via this method,” the FBI notes.

Organizations should be suspicious of phishing emails targeting healthcare payment processors, social engineering attempts to gain access to payment portals and internal files, sudden changes to email exchange server configurations, requests for changing passwords and 2FA phone numbers, and failed password recovery attempts locking employees out of payment processor accounts.
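Several of these warning signs can be correlated over a payment portal's audit log: a banking-detail change that closely follows a password or 2FA phone change, or a run of failed password recoveries, on the same account. The Python code below is an added example, not part of the FBI notice or the original article; the event names, the 72-hour window, the failure threshold and the sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Hypothetical action names for a payment portal's audit log (assumed schema).
CREDENTIAL_ACTIONS = {"password_change", "mfa_phone_change"}
RECOVERY_FAILED = "password_recovery_failed"
BANK_CHANGE = "bank_details_change"
WINDOW = timedelta(hours=72)   # assumed look-back window
LOCKOUT_THRESHOLD = 3          # assumed number of failed recoveries worth flagging

# Constructed sample events: (ISO timestamp, account, action)
SAMPLE_EVENTS = [
    ("2022-02-01T09:00:00", "provider-a", "password_recovery_failed"),
    ("2022-02-01T09:05:00", "provider-a", "password_recovery_failed"),
    ("2022-02-01T09:10:00", "provider-a", "password_recovery_failed"),
    ("2022-02-01T10:00:00", "provider-a", "mfa_phone_change"),
    ("2022-02-01T10:02:00", "provider-a", "password_change"),
    ("2022-02-02T08:00:00", "provider-a", "bank_details_change"),
    # Credential change long before the bank change: outside the window.
    ("2022-01-01T12:00:00", "provider-b", "password_change"),
    ("2022-02-10T12:00:00", "provider-b", "bank_details_change"),
    # Bank change with no preceding credential activity at all.
    ("2022-02-03T15:00:00", "provider-c", "bank_details_change"),
]

def find_suspicious_bank_changes(events, window=WINDOW):
    """Return an alert for each bank-detail change preceded, within `window`,
    by a credential change or repeated failed recoveries on the same account."""
    parsed = sorted((datetime.fromisoformat(ts), acct, act)
                    for ts, acct, act in events)
    history = {}   # account -> [(time, action)] seen so far
    alerts = []
    for when, acct, action in parsed:
        recent = [a for t, a in history.get(acct, []) if when - t <= window]
        if action == BANK_CHANGE:
            reasons = sorted({a for a in recent if a in CREDENTIAL_ACTIONS})
            failures = recent.count(RECOVERY_FAILED)
            if failures >= LOCKOUT_THRESHOLD:
                reasons.append(f"{failures} failed recoveries")
            if reasons:
                alerts.append({"account": acct,
                               "time": when.isoformat(),
                               "reasons": reasons})
        history.setdefault(acct, []).append((when, action))
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_bank_changes(SAMPLE_EVENTS):
        print(alert)
```

An alert from a rule like this is a prompt to hold the payment change and confirm it with the account owner through a separately verified contact channel.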

The FBI recommends that organizations use security software that is well maintained, conduct regular network security assessments, train employees to identify phishing, use multi-factor authentication for all accounts, implement an incident response plan, patch vulnerabilities in third-party solutions, and implement mandatory passphrase changes for potentially compromised accounts.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
