FBI Warns of Cyberattacks Targeting Healthcare Payment Processors

The FBI has observed an increase in attacks targeting healthcare payment processors in an effort to divert significant amounts of money to accounts controlled by the attacker.


As part of such attacks, threat actors rely on publicly available personally identifiable information (PII) and social engineering to impersonate victims and access payment information, healthcare portals, and more.

“Recent reporting indicates cyber criminals will continue targeting healthcare payment processors through a variety of techniques, such as phishing campaigns and social engineering, to spoof support centers and obtain user access,” the FBI warns.

According to the agency, cybercriminals are compromising credentials of healthcare payment processors and using them to divert payments to bank accounts they control.

In one incident in February 2022, attackers redirected $3.1 million from a victim’s payments after using compromised credentials to change direct deposit banking information to an account they controlled.

The same month, the same method was used in another attack to steal approximately $700,000.

In April 2022, a threat actor posing as an employee of a healthcare company that has over 175 medical providers changed Automated Clearing House (ACH) instructions at a payment processing vendor, which resulted in roughly $840,000 being diverted to the cybercriminal.

According to the FBI, between June 2018 and January 2019, at least 65 healthcare payment processors in the US were targeted by cybercriminals who replaced customer banking and contact information with the details of accounts controlled by the attackers. One of the victims reported a loss of $1.5 million.

“The cybercriminals used a combination of publicly available PII and phishing schemes to gain access to customer accounts. Entities involved in processing and distributing healthcare payments through processors remain vulnerable to exploitation via this method,” the FBI notes.

Organizations should be suspicious of phishing emails targeting healthcare payment processors, social engineering attempts to gain access to payment portals and internal files, sudden changes to email exchange server configurations, requests for changing passwords and 2FA phone numbers, and failed password recovery attempts locking employees out of payment processor accounts.
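Several of these warning signs can be correlated in a payment portal's audit log: a change to banking or ACH details that follows a password reset, 2FA phone change or recovery lockout on the same account. The sketch below is an added example, not part of the FBI notice or this article; the event type names, record fields and 72-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Hypothetical event type names; map them to what your portal's audit log emits.
PRECURSORS = {"password_reset", "mfa_phone_change", "recovery_failed_lockout"}
PAYOUT_CHANGES = {"bank_account_change", "ach_instruction_change"}
WINDOW = timedelta(hours=72)  # assumed look-back window, tune per environment

# Constructed sample audit events (not real data).
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T09:12:00", "account": "provider-001", "type": "recovery_failed_lockout"},
    {"ts": "2024-03-01T09:40:00", "account": "provider-001", "type": "mfa_phone_change"},
    {"ts": "2024-03-02T14:05:00", "account": "provider-001", "type": "bank_account_change"},
    {"ts": "2024-03-03T10:00:00", "account": "provider-002", "type": "bank_account_change"},
    {"ts": "2024-02-08T08:00:00", "account": "provider-003", "type": "password_reset"},
    {"ts": "2024-03-04T08:00:00", "account": "provider-003", "type": "ach_instruction_change"},
]


def flag_payout_changes(events, window=WINDOW):
    """Return payout-destination changes that follow, on the same account and
    within `window`, a credential or 2FA recovery event."""
    parsed = sorted(
        ((datetime.fromisoformat(e["ts"]), e) for e in events),
        key=lambda pair: pair[0],
    )
    recent = {}  # account -> [(timestamp, precursor event type), ...]
    alerts = []
    for ts, ev in parsed:
        acct = ev["account"]
        if ev["type"] in PRECURSORS:
            recent.setdefault(acct, []).append((ts, ev["type"]))
        elif ev["type"] in PAYOUT_CHANGES:
            # Keep only precursors that fall inside the look-back window.
            hits = [kind for when, kind in recent.get(acct, []) if ts - when <= window]
            if hits:
                alerts.append({"account": acct, "ts": ev["ts"],
                               "change": ev["type"], "preceded_by": hits})
    return alerts


if __name__ == "__main__":
    for alert in flag_payout_changes(SAMPLE_EVENTS):
        print(alert)
```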

The FBI recommends that organizations use security software that is well maintained, conduct regular network security assessments, train employees to identify phishing, use multi-factor authentication for all accounts, implement an incident response plan, patch vulnerabilities in third-party solutions, and implement mandatory passphrase changes for potentially compromised accounts.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
