The Healthcare sector in the U.S. has lost millions of dollars to a unique form of cyberattack that involves payment processors. In a newly published advisory, the FBI has shared technical details about the attack, highlighting that at least 65 healthcare payment processors were targeted between June 2018 and January 2019.

Healthcare cyber attacks through payment processors

As described by the FBI, cybercriminals are using social engineering techniques to obtain login credentials of employees at payment processors.
  • Once the criminals gain access to login credentials, they modify the payment instructions without the knowledge of the employee. 
  • Phishing and spoofing support centers are additional methods in this particular healthcare cyber attack to divert payments. 
  • Moreover, attackers modify Exchange Servers’ configuration with customized rules to receive a copy of the messages sent to the victim. 

Millions of dollars stolen

  • In just three incidents between February and April, hackers had managed to divert more than $4.6 million to their accounts. 
  • In February, one threat actor used credentials from a major healthcare company to replace the direct deposit banking information to steal $3.1 million. 
  • In a separate incident the same month, cybercriminals used the same method to steal about $700,000 from another victim.
  • In another healthcare cyber attack that happened in April, a threat actor changed the Automated Clearing House (ACH) instructions to steal $840,000 from a company with more than 175 medical providers. 

Mitigation recommended

The FBI has compiled a list of IoCs that can help healthcare organizations spot attack attempts. As the recent attacks were carried out via phishing emails, employees must be vigilant in identifying emails that appear suspicious. Additional recommended measures include implementing MFA across the accounts and keeping systems and software up to date. 
Cyware Publisher

Publisher

Cyware