FBI Warns Healthcare Sector of Payment Scam Surge

Use of Social Engineering, Phishing to Divert Payments
Cybercriminals are stealing multimillion-dollar payouts from healthcare payment processors by compromising user login credentials, the FBI warns the healthcare industry.

In a recent alert, federal agents say they’ve received multiple reports of cybercriminals redirecting healthcare payments into their pockets.

According to the FBI, cybercriminals used employees’ publicly available PII and used social engineering techniques to impersonate care providers and gain access to healthcare portals, payment information and websites.

In one February incident, an attacker changed an unnamed hospital’s direct deposit information to divert $3.1 million in payments into a consumer checking account.

In April, another healthcare company with more than 175 medical providers lost roughly $840,000 after a criminal had posed as an employee and changed automated clearinghouse instructions for payment processing vendors.

During the seven-month period between June 2018 and January 2019, cybercriminals targeted and accessed at least 65 healthcare payment processors in the United States.

“Cybercriminals will continue targeting healthcare payment processors through a variety of techniques, such as phishing campaigns and social engineering, to spoof support centers and obtain user access,” the FBI warns.

Attractive Target
From a strategic standpoint, the healthcare sector contains an attractive pool of potential victims.

While cybercriminals have long targeted healthcare and other sectors in business email compromises and similar schemes, the FBI’s recent alert may be linked to an increase in intrusions “attributable to quick build-outs of remote access without a sufficient emphasis on security during the height of COVID-19.”

Indicators of Compromise
The FBI advises entities to watch for any of a number of potential indicators that cybercriminals are attempting to gain access to user accounts.

The indicators include:

  • Phishing emails targeting the financial departments of healthcare payment processors
  • Suspected social engineering attempts to obtain access to internal files and payment portals
  • Unwarranted changes in email exchange server configuration and custom rules for specific user accounts
  • Requests within a short time frame for employees to reset passwords and multifactor authentication phone numbers
  • Employees reporting that they are locked out of payment processor accounts due to failed password recovery attempts.

If you have questions about this evolving payment threat, contact ITPAC today.