The FBI has issued a warning to hackers who are stealing healthcare payments.
After more than $4.6 million was stolen in three instances, criminals would send out phishing emails or reach out to people who work in payment processors and financial services, preting to be help center employees.
The attackers would ask victims to provide them with login credentials from healthcare portals, websites, and other services. Afterwards, theyd log into peoples accounts and change payment information. This way, once the payment is through, it proceeds to the wrong account.
The threat actors are also modifying Microsoft Exchange server settings and developing custom rules in order to keep track of messages coming in and out of the target inbox.
One incident happened when credentials from a major healthcare business were used to replace a hospitals direct deposit banking information with those belonging to the attackers. In total, $3.1 million were lost. In another incident, the thieves splintered $700,000, while in the third, an attacker impersonated an employee, changed the ACH instructions, and paid $840,000.
To protect against such attacks, healthcare organizations and payment providers should first and foremost, educate their employees on the dangers of phishing, and ensure they have strict, hard-to-break passwords they never share with friends or family, or leave lying around on a sheet of paper on their desks. Moreover, they should be wary of any changes to the email server that weren''t planned, or seem logical.
The FBI has stated that they should be sceptical of any employee who wants a password reset and a phone number reset for MFA within a limited time.