Millions of Dollars Stolen by Hackers from Healthcare Payment Processors
More Than $4.6 Million Stolen In Three Attacks
A new alert has been issued by the Federal Bureau of Investigation (FBI) regarding hacker-conducted cyberattacks, which target healthcare payment processors.
Millions of dollars have been stolen after the threat actors gained access to customer accounts and redirected their payments to bank accounts controlled by them.
Stealing Personal Data
The hackers used the personal details of the victims, which were publicly available, to impersonate them and gain access to their payment information.
The FBI notified that the hackers were employing a variety of methods to gain access to the payment information of the victims, including phishing attacks, spoofing, and modifying the configurations of Exchange Servers.
Over $4.6 Million Stolen
The Bureau declared that these events are neither new nor singular.
From June 2018 to January 2019, cyber criminals targeted and accessed at least 65 healthcare payment processors throughout the United States to replace legitimate customer banking and contact information with accounts controlled by cybercriminals.
According to BleepingComputer, this year alone threat actors have stolen more than $4.6 million from healthcare companies in just three attacks after gaining access to customer accounts and changing payment details.
In February, a major healthcare firm had $3.1 million stolen, after the hacker changed the victims’ direct deposit information to a bank account controlled by the hacker. The same month, another victim lost $700.000 in a similar incident.
In April, another healthcare company, with over 175 medical providers lost $840.000 after a hacker impersonated an employee.
What Is Recommended to Do?
Besides the alert notification, the FBI also gave a list of recommendations that should help reduce the risk of cyber threats. Among the recommendations are included the following:
- Deploy email security and fraud preventions solutions and ensure they’re up to date;
- Mitigate vulnerabilities related to third-party vendors;
- Run regular network security assessments, including performing penetration tests and vulnerability scans;
- Implement multi-factor authentication for all accounts;
- Train the employees on how to identify and report phishing and spoofing attempts;
- Create security policies for the employees to report suspicious emails, changes to email, exchange server configurations, denied password recovery and password resets;
- Verify any changes in invoices, bank deposits, and contact information for interactions with third-party vendors and organizational collaborations;
- Draft an incident response plan, in accordance with Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules;
- Require strong and unique passwords for login, and if there is evidence of system or network compromise, implement mandatory passphrase changes for all accounts;
- Minimize exposure to cybersecurity threats by timely patching.