The FBI issued an alert Sept. 14 about an increase in cybercriminals targeting healthcare payment processors in an attempt to hijack the payments.
Six things to know:
- Cybercriminals are using employees' personally identifiable information and social engineering techniques to impersonate victims and obtain access to files, healthcare portals, payment information and websites.
- From June 2018 to January 2019, cyber criminals targeted and accessed at least 65 healthcare payment processors throughout the U.S., resulting in $1.5 million in losses.
- In April, hackers posing as an employee of a healthcare company stole $840,000 by redirecting payments to one of their payment processing vendors.
- The FBI reported that in one attack, hackers changed victims' direct deposit information to a bank account under their control and redirected $3.1 million payments.
- In a separate incident, a different cybercriminal used the same technique to steal about $700,000.
- The alert also reported potential indicators of malicious activities against user accounts, including phishing emails targeting financial departments of healthcare payment processors, suspected social engineering attempts to obtain access to internal files and payment portals, unwarranted changes in email exchange server configuration and the settings of custom rules for specific accounts.