The FBI has warned healthcare organizations to be wary of hackers that target payment processors and divert funds to their bank accounts. Just this year, bad actors have stolen over $4.6 million by stealing access to user accounts and modifying payment information.
Cybercriminals dirty tricks
Hackers make use of publicly available personal information and social engineering methods to gain access to victims’ websites, healthcare portals, and payment details.
Furthermore, they spoofed support centers to gain access to companies that handle and deliver healthcare reimbursements.
The spammers can alter Exchange Server’s configurations and customize rules for targeted accounts, which allow them to receive a copy of the victim's messages.
Between February and April, threat actors used a variety of techniques to steal $3.1 million. $700,000, and $840,000 from three different healthcare companies.
Healthcare sector under attack
The healthcare sector has been the target of numerous cybercriminal assaults in the recent past, a few of which are detailed below:
The OakBend Medical Center in Texas suffered a ransomware attack that disrupted its communication and IT systems, as well as exfiltrated internal data.
As noted by HC3, the Karakurt ransomware group has carried out at least four attacks affecting the U.S. healthcare and public health sectors since June.
A ransomware assault on OneTouchPoint forced Common Ground Healthcare Cooperative to alert 133,714 plan users that their data might have been compromised.
Threat actors belonging to Russia-based Evil Corp attacked the U.S. healthcare sector to acquire intellectual information using tools such as Dridex and other ransomware.
Recent attacks on the healthcare sector reflect a lot about security gaps or probably existing legacy systems. To avoid such threats, security experts should conduct regular network audits and train all employees to recognize and report phishing, social engineering, and spoofing attacks. Furthermore, healthcare organizations need to slowly move away from the use of old technologies and upgrade instruments and systems.