SecurityWeek

FBI Warns of Cyberattacks Targeting Healthcare Payment Processors

The FBI has observed an increase in attacks targeting healthcare payment processors in an effort to divert significant amounts of money to accounts controlled by the attacker.

As part of such attacks, threat actors rely on publicly available personally identifiable information (PII) and social engineering to impersonate victims and access payment information, healthcare portals, and more.

“Recent reporting indicates cyber criminals will continue targeting healthcare payment processors through a variety of techniques, such as phishing campaigns and social engineering, to spoof support centers and obtain user access,” the FBI warns.

According to the agency, cybercriminals are compromising credentials of healthcare payment processors and using them to divert payments to bank accounts they control.

In one incident in February 2022, attackers redirected $3.1 million from a victim’s payments after using compromised credentials to change direct deposit banking information to an account they controlled.

The same month, the same method was used in another attack to steal approximately $700,000.

In April 2022, a threat actor posing as an employee of a healthcare company that has over 175 medical providers changed Automated Clearing House (ACH) instructions at a payment processing vendor, which resulted in roughly $840,000 being diverted to the cybercriminal.

According to the FBI, between June 2018 and January 2019, at least 65 healthcare payment processors in the US were targeted by cybercriminals who replaced customer banking and contact information with the details of accounts controlled by the attackers. One of the victims reported a loss of $1.5 million.

“The cybercriminals used a combination of publicly available PII and phishing schemes to gain access to customer accounts. Entities involved in processing and distributing healthcare payments through processors remain vulnerable to exploitation via this method,” the FBI notes.

Organizations should be suspicious of phishing emails targeting healthcare payment processors, social engineering attempts to gain access to payment portals and internal files, sudden changes to email exchange server configurations, requests for changing passwords and 2FA phone numbers, and failed password recovery attempts locking employees out of payment processor accounts.
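
The account-level warning signs above lend themselves to a simple correlation rule. The following is an added example, not code from the FBI notice or from SecurityWeek: it flags a banking or ACH change that follows a password, 2FA or recovery event on the same account. The event names, log schema and 24-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample audit events (hypothetical schema, not a real product's log format).
SAMPLE_EVENTS = [
    ("2022-02-01T09:00:00", "acct-17", "password_reset_requested"),
    ("2022-02-01T09:05:00", "acct-17", "mfa_phone_changed"),
    ("2022-02-01T09:40:00", "acct-17", "bank_details_changed"),
    ("2022-02-02T10:00:00", "acct-22", "bank_details_changed"),
    ("2022-02-03T08:00:00", "acct-31", "recovery_lockout"),
    ("2022-02-03T08:10:00", "acct-31", "recovery_lockout"),
    ("2022-02-06T08:30:00", "acct-31", "ach_instructions_changed"),
]

# Hypothetical event names standing in for the warning signs listed above.
PRECURSORS = {"password_reset_requested", "mfa_phone_changed", "recovery_lockout"}
PAYMENT_CHANGES = {"bank_details_changed", "ach_instructions_changed"}


def flag_payment_changes(events, window=timedelta(hours=24)):
    """Return payment-detail changes preceded, within `window`, by a
    credential, 2FA or recovery event on the same account."""
    recent = {}   # account -> list of (time, event) precursors seen so far
    alerts = []
    # ISO 8601 timestamps sort chronologically as plain strings.
    for ts, account, event in sorted(events):
        when = datetime.fromisoformat(ts)
        if event in PRECURSORS:
            recent.setdefault(account, []).append((when, event))
        elif event in PAYMENT_CHANGES:
            hits = sorted({e for t, e in recent.get(account, [])
                           if when - t <= window})
            if hits:
                alerts.append({"account": account, "time": ts,
                               "change": event, "preceded_by": hits})
    return alerts


if __name__ == "__main__":
    for alert in flag_payment_changes(SAMPLE_EVENTS):
        print(alert)
```

A flagged change is a candidate for out-of-band verification with the account owner before the next payment run; widening the window catches slower takeovers at the cost of more alerts.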

The FBI recommends that organizations use security software that is well maintained, conduct regular network security assessments, train employees to identify phishing, use multi-factor authentication for all accounts, implement an incident response plan, patch vulnerabilities in third-party solutions, and implement mandatory passphrase changes for potentially compromised accounts.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
