Cybercriminals are stealing multimillion-dollar payouts from healthcare payment processors by compromising user login credentials, the FBI warns the healthcare industry.
In recent incidents, cybercriminals used employees’ publicly available personally identifiable information and deployed social engineering techniques to impersonate care providers and gain access to healthcare portals, payment information and websites, the FBI says.
In April, an unnamed healthcare company with more than 175 medical providers discovered that a threat actor had posed as an employee and changed automated clearinghouse instructions of one of the entities’ payment processing vendors to direct payments to the cybercriminal.
“Cybercriminals are incredibly patient and have been known to spend months or longer learning about individuals and organizations in order to gain access, and then once they have access, further biding their time to gain more knowledge that allows them to increase the severity and magnitude of their crime,” he says.
Indicators of Compromise
The FBI advises entities to watch for any of a number of potential indicators that cybercriminals are attempting to gain access to user accounts.
The indicators include:
- Phishing emails targeting the financial departments of healthcare payment processors;
- Suspected social engineering attempts to obtain access to internal files and payment portals;
- Unwarranted changes in email exchange server configuration and custom rules for specific user accounts;
- Requests within a short time frame for employees to reset passwords and multifactor authentication phone numbers;
- Employees reporting they are locked out of payment processor accounts due to failed password recovery attempts.