FBI: Cybercriminals Target Healthcare Payment Processors

Cybercriminals are increasingly targeting healthcare payment processors to redirect payments intended for healthcare providers to accounts they control, costing victims millions of dollars, the FBI reported this week. . The alert describes at least 68 attacks since June 2018 in which unknown cybercriminals used personally identifiable information and publicly available social engineering techniques to impersonate victims and gain access to accounts; and recommends actions to help network defenders reduce the risk of compromise.

“This type of scheme, also known as business email compromise (BEC), which uses a combination of email phishing techniques and voice social engineering, represents another potential area of ​​risk for that hospitals and health care systems across the country face,” said John Riggi, AHA National Advisor for Cybersecurity and Risk. “Employees should be made aware of the different types of BEC social engineering techniques, and how publicly available information and social media information they post can be used by criminals in this scheme to steal personal information. To help mitigate this threat, it is recommended that hospitals and payment processors strictly require verbal authentication from at least two known parties before any payment instructions are changed.

Comments are closed.