FBI Warns of Ongoing Cybercriminal Campaigns Targeting Healthcare Payment Processors

The Federal Bureau of Investigation (FBI) has issued a TLP:WHITE Private Industry Notification warning of ongoing cybercriminal campaigns targeting healthcare payment processors, in which attackers attempt to reroute victims' payments to accounts they control.

These attacks use social engineering, such as phishing emails that impersonate support centers, to obtain the login credentials of healthcare payment processor employees, and that access is then used to reroute payments. Attackers have also used publicly available personally identifiable information to gain access to files, healthcare portals, payment information, and websites.

The objective of these attacks is to change direct deposit information. In February 2022, an attack on a large healthcare company changed the direct deposit details of a consumer checking account, diverting $3.1 million in payments to the attacker's bank account. That same month, another attack using the same tactics redirected approximately $700,000.

In April 2022, a healthcare company with 175 medical providers discovered that an attacker had impersonated an employee and changed the Automated Clearing House (ACH) instructions for one of its payment processing vendors so that payments were rerouted to an attacker-controlled account; two payments totaling $840,000 were deposited there.

The FBI states that between June 2018 and January 2019 at least 65 healthcare payment processors in the U.S. were targeted and had their contact and banking information altered to divert payments to attacker-controlled accounts. One of those attacks caused the loss of $1.5 million in payments, with initial access to a customer account obtained through phishing. The FBI warns that entities involved in processing and distributing healthcare payments through payment processors remain vulnerable to this type of attack.

Attackers send phishing emails to employees in the financial departments of a targeted healthcare payment processor. They frequently impersonate a trusted person and use social engineering to trick staff into making changes to bank account information. Credentials stolen in these attacks allow the attacker to change email exchange server settings and create custom mailbox rules for accounts of interest, a common way to hide or divert correspondence about the altered payments.

Targeted employees have reported receiving requests to change their passwords and 2FA phone numbers within a short period of time. The attackers modify account credentials to maintain prolonged access, and employees whose accounts were compromised have reported being locked out of their payment processor accounts after failed password recovery attempts.

The FBI provided a number of recommendations for defending against these attacks and reducing the risk of compromise. They include:

  • Ensure endpoint detection software, including up-to-date anti-virus and anti-malware tools, is deployed on all endpoints
  • Conduct regular network security assessments, penetration tests, and vulnerability scans
  • Train employees to recognize phishing and social engineering attacks, and give them a simple way to report suspicious emails, such as an Outlook plugin that allows one-click reporting
  • Ensure employees know that requests for sensitive information must only be fulfilled through approved secondary channels
  • Enable multi-factor authentication on all accounts, preferably using a physical security key (for example, a YubiKey) for approval rather than a one-time code sent to a mobile device; a hardware key is phishing-resistant, whereas an SMS or app code can be phished along with the password
  • Review and, where necessary, amend payment processor contract renewals so that they include controls preventing both credentials and 2FA settings from being changed within the same time frame, reducing the window for further exploitation
  • Adopt policies and procedures that require any change to existing financial information, such as bank account or ACH details, to be verified through an appropriate, pre-established channel (for example, a call-back to a phone number already on file)
  • Use strong, unique passwords
  • Keep software up to date and apply patches promptly to prevent exploitation of known vulnerabilities.
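The two account-takeover signals described above, mailbox rule creation on compromised accounts and a password change closely followed by a 2FA phone-number change (the same pattern the contract-renewal recommendation is meant to block), are straightforward to hunt for in mail and identity audit logs. The following Python script is an added example written for this page; it is not from the FBI notification or from this article. It runs both detections over a few constructed audit records embedded in the script. The record layout (fields `ts`, `user`, `op`, `params`), the operation names, the domain `example-processor.test` and all email addresses are assumptions, loosely modeled on Exchange and identity audit exports rather than any real tenant's log format.

```python
"""Hunt for two signs of payment-processor account takeover in audit logs:
(1) inbox rules that forward externally, delete mail, or have a blank name,
especially when keyed on finance terms; (2) a password change and an MFA
method change on the same account within a short window.
Log schema, operation names and addresses below are assumptions (constructed)."""
from __future__ import annotations

import json
from datetime import datetime, timedelta

# Constructed sample of JSON-lines audit records; NOT from a real tenant.
SAMPLE_LOG = r"""
{"ts": "2022-02-01T09:02:11Z", "user": "ap.clerk@example-processor.test", "op": "New-InboxRule", "params": {"Name": ".", "SubjectContainsWords": ["ACH", "remittance"], "ForwardTo": ["billing-desk@attacker.test"], "DeleteMessage": false}}
{"ts": "2022-02-01T09:03:40Z", "user": "ap.clerk@example-processor.test", "op": "New-InboxRule", "params": {"Name": "cleanup", "SubjectContainsWords": ["bank account"], "DeleteMessage": true}}
{"ts": "2022-02-01T09:10:05Z", "user": "ap.clerk@example-processor.test", "op": "Change user password"}
{"ts": "2022-02-01T09:41:22Z", "user": "ap.clerk@example-processor.test", "op": "User registered security info", "params": {"MethodType": "Phone"}}
{"ts": "2022-02-03T14:00:00Z", "user": "j.doe@example-processor.test", "op": "New-InboxRule", "params": {"Name": "Vendors", "From": ["vendor@known.test"], "MoveToFolder": "Vendors"}}
{"ts": "2022-02-03T15:00:00Z", "user": "j.doe@example-processor.test", "op": "Change user password"}
{"ts": "2022-02-10T15:00:00Z", "user": "j.doe@example-processor.test", "op": "User registered security info", "params": {"MethodType": "Phone"}}
"""

FINANCE_TERMS = {"ach", "remittance", "bank account", "direct deposit", "payment", "invoice", "wire"}
RULE_OPS = {"New-InboxRule", "Set-InboxRule"}          # assumed operation names
PASSWORD_OPS = {"Change user password", "Reset user password"}
MFA_OPS = {"User registered security info"}


def parse_events(text: str) -> list[dict]:
    """Parse JSON-lines audit records and sort them by timestamp."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def _external(addresses: list[str], internal_domain: str) -> list[str]:
    """Return the addresses that are not in the organisation's own domain."""
    suffix = "@" + internal_domain.lower()
    return [a for a in addresses if not a.lower().endswith(suffix)]


def suspicious_inbox_rules(events: list[dict], internal_domain: str) -> list[dict]:
    """Flag inbox rules that exfiltrate, hide or obscure mail; note finance keywords."""
    findings = []
    for ev in events:
        if ev.get("op") not in RULE_OPS:
            continue
        p = ev.get("params", {})
        reasons = []
        targets = []
        for key in ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo"):
            targets += _external(p.get(key, []), internal_domain)
        if targets:
            reasons.append(f"forwards mail outside {internal_domain}: {', '.join(targets)}")
        if p.get("DeleteMessage"):
            reasons.append("deletes matching messages")
        name = str(p.get("Name", "")).strip()
        if len(name) <= 1:
            reasons.append(f"near-empty rule name {name!r}")
        words = [w.lower() for w in p.get("SubjectContainsWords", []) + p.get("BodyContainsWords", [])]
        hits = sorted(t for t in FINANCE_TERMS if any(t in w for w in words))
        # Keywords alone are normal (people file invoices); they only raise
        # severity when the rule also forwards, deletes or hides its name.
        if hits and reasons:
            reasons.append("targets finance keywords: " + ", ".join(hits))
        if reasons:
            findings.append({"ts": ev["ts"], "user": ev["user"], "reasons": reasons})
    return findings


def credential_and_mfa_changes(events: list[dict], window: timedelta = timedelta(hours=24)) -> list[dict]:
    """Flag accounts whose password and MFA method both changed within `window`."""
    by_user: dict[str, list[dict]] = {}
    for ev in events:
        by_user.setdefault(ev["user"], []).append(ev)
    findings = []
    for user, evs in by_user.items():
        pw_times = [e["ts"] for e in evs if e["op"] in PASSWORD_OPS]
        mfa_times = [e["ts"] for e in evs if e["op"] in MFA_OPS]
        for t_pw in pw_times:
            for t_mfa in mfa_times:
                gap = abs(t_mfa - t_pw)
                if gap <= window:
                    findings.append({"user": user, "password_change": t_pw,
                                     "mfa_change": t_mfa, "gap": gap})
    return findings


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for f in suspicious_inbox_rules(evs, "example-processor.test"):
        print(f"[RULE] {f['ts']:%Y-%m-%d %H:%M} {f['user']}: " + "; ".join(f["reasons"]))
    for f in credential_and_mfa_changes(evs):
        print(f"[CRED+MFA] {f['user']}: password at {f['password_change']:%H:%M}, "
              f"MFA method at {f['mfa_change']:%H:%M} ({f['gap']} apart)")
```

On the constructed sample the script flags both of `ap.clerk`'s rules (one forwards finance-keyword mail to an external domain under a one-character name, the other silently deletes messages about bank accounts) and the 31-minute gap between that account's password change and new MFA phone registration, while `j.doe`'s ordinary vendor-filing rule and week-apart changes are left alone. Against a real export you would replace `SAMPLE_LOG` with the tenant's audit data and adjust the operation names to the product's actual schema.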

Elizabeth Hernandez

Elizabeth Hernandez is the editor of the HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow Elizabeth on Twitter: https://twitter.com/ElizabethHzone