Hackers are stealing healthcare payments, by diverting them to bank accounts under their control, the FBI is warning.
The Bureau was forced to issue a warning after more than $4.6 million was stolen in three separate incidents where criminals would send out phishing emails, or reach out to people working at payment processors and financial departments, pretending to be support center employees.
Through phishing emails and calls, the attackers would try and get the victims into giving away login credentials from healthcare portals, websites, and similar. After that, they’d log into people’s accounts and change payment information. That way, once the payment goes through, it goes to the wrong account.
Besides phishing, the threat actors are also editing Microsoft Exchange server settings and creating custom rules in order to keep track of emails going in and out of the target’s inbox.
Of the three incidents, one happened when credentials from a “major healthcare company” were used to replace a hospital’s direct deposit banking information with that belonging to the attackers. In total, $3.1 million were lost. In another incident, the thieves made away with some $700,000, while in the third, an attacker impersonated an employee, changed the Automated Clearing House (ACH) instructions, and took $840,000.
To defend from such attacks, healthcare organizations and payment providers should, first and foremost, educate their employees on the dangers of phishing, and make sure they have strong, hard-to-break passwords that they don’t share with friends, family, or leave lying around on a slip of paper on their desks. Furthermore, they should be wary of any changes to the email server that weren’t planned, or seem logical.
They should also be suspicious of any employee requesting a password reset, a phone number reset for MFA, within a short period of time, the FBI concluded.
Via: BleepingComputer (opens in new tab)