Over $4.6 million is the current sum for this year’s worth of stolen funds against healthcare institutions after hackers compromised the sector’s payment processors to reroute payments to attacker-controlled bank accounts.
This campaign began as hackers accessed healthcare employee and customer accounts through other cyberattack methods, such as phishing, and then changed payment details with their own. According to the FBI, the hackers in this campaign performed social engineering tactics and impersonated victims with access to healthcare websites and payment portals using their hacked accounts.
The alert posted by the FBI also mentioned the phishing tactic the hackers executed, including targeting healthcare financial departments where payment processors are usually situated.
From a report, three incidents last February and April have already been documented, which involved threat actors diverting payment transactions to their bank accounts. These incidents were what gathered the stolen amount of over $4.6 million from the targeted sector for this year alone.
To give more details, in the February incident, a hacker used the credentials of a major healthcare institution to reroute the direct deposit banking information of another hospital to banking accounts that they control. About $3.1 million was stolen from this incident.
Another incident occurred in the same month using the same attack scheme that compromised payment processors, losing more than $700 million to the hackers.
For the April incident, which was the third for this year, the hackers impersonated a healthcare employee to change the Automated Clearing House (ACH) instructions and steal over $840,000 from at least 175 medical partner providers.
Even though these recent cyberattack cases against the healthcare sector have alerted the authorities, they note they were not new and out of the ordinary. For many years, threat actors have already been keeping an eye on the critical sector, including targeting and accessing payment processors to redirect financial transactions of partners and customers toward their hacker-controlled accounts.
As advised by the law enforcement agency, healthcare institutions must be extra prepared for potential cyberattacks and enhance their security protocols as such incidents occur.
