The FBI has published a Private Industry Notification warning of increasing attacks against healthcare sector payment processors. According to the notification, the thieves are using publicly available personally identifiable information belonging to processor employees, along with social engineering tactics, to redirect payments to accounts under their control. The notification lists possible indicators of attempted attacks, including phishing emails, unexpected changes to email exchange server and user accounts, and employees being locked out of payment processor accounts because of failed password recovery attempts.
Note
- The threat actors are changing payment (ACH, Direct Deposit, etc.) to send information to their accounts rather than where expected. This means that you should not only check your personal accounts for fraudulent charges, but also verify that corporate payment destinations are valid. Make sure that you have secondary validation of payment account changes, customer or corporate, and that you enforce multi-factor authentication, making credential compromise attacks much harder. Review the FBI recommendations to find other mitigations you may not have otherwise considered.
Read more in
- Cyber Criminals Targeting Healthcare Payment Processors, Costing Victims Millions in Losses (PDF)
- FBI: Hackers steal millions from healthcare payment processors
- FBI Warns of Cyberattacks Targeting Healthcare Payment Processors
- FBI: Active cyberattacks on healthcare payment processors ‘cost victims millions in losses’