Cybercriminals are always after sensitive data they can exploit. The value of medical data, such as health record repositories, clinical research data, and patient records containing social security numbers, billing information, and insurance claims, has made the healthcare industry a popular target of cyber-attacks. According to US government data, the number of healthcare breaches in the first five months of 2022 increased sharply and nearly doubled from the same period last year.
BleepingComputer highlights the alert issued by the Federal Bureau of Investigation (FBI) about the increase in targeted attacks by hackers on healthcare payment processors in an attempt to expropriate and redirect payments to attacker-owned bank accounts. Cybercriminals are employing several tactics: misusing employees’ publicly available Personally Identifiable Information (PII), social engineering techniques to impersonate victims by making unwarranted changes in Exchange Servers’ configuration, phishing campaigns against the financial departments of payment processors, and spoofing support centers to gain illegal access to healthcare employees’ login credentials in order to retrieve files, healthcare portals, payment information, and websites. The FBI announced that after the threat actors gained illicit access to healthcare payment processors, millions of dollars were stolen from the victims in just three cyberattacks in February and April this year, amounting to $4.6 million. During the subsequent investigation, the agency reiterated that these attacks on healthcare payment processors are not the first of their kind: from June 2018 to January 2019, attackers targeted and accessed at least 65 healthcare payment processors throughout the U.S., resulting in $1.5 million in losses.
To help mitigate potential damage and enhance cyber resilience, the FBI has urged healthcare organizations to implement a number of practices and summarized a short list of indicators to identify cyber-threats:
- Employees requesting a reset of two-factor authentication (2FA) within a short period and failed password recovery attempts should trigger an alarm.
- Regular network security assessment including penetration tests and vulnerability scans to ensure compliance with current standards and regulations.
- Deploy up-to-date email security and fraud prevention solutions.
- Mitigate vulnerabilities related to third-party vendors and organizational collaborations.
- Implement multi-factor authentication for all accounts.
- Train employees to identify and report phishing, suspicious emails, changes to email, Exchange Server configurations, denied password recovery, password resets, social engineering and spoofing attempts.
- Draft an incident response plan in accordance with HIPAA privacy and security rules.
- Require strong and unique passwords for login, and if there is evidence of system or network compromise, implement mandatory passphrase changes for all accounts.
- Minimize exposure to cybersecurity threats through timely patching.
These measures help ensure a safe and cyber-secure environment for healthcare payment processors.
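The first indicator in the list (2FA reset requests combined with failed password recovery attempts in a short period) can be turned into a simple correlation rule. The sketch below is an added example, not code from the FBI alert or from BleepingComputer; the event names, the 30-minute window, and the threshold of two failed recoveries are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; the alert summarized above gives no numbers.
WINDOW = timedelta(minutes=30)
MIN_FAILED_RECOVERIES = 2

# Constructed sample events (timestamp, account, event type). The event
# names are hypothetical; map them to your identity provider's audit log.
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:00", "a.nurse", "password_recovery_failed"),
    ("2024-01-10T09:04:10", "a.nurse", "password_recovery_failed"),
    ("2024-01-10T09:07:45", "a.nurse", "2fa_reset_request"),
    ("2024-01-10T10:15:00", "b.billing", "2fa_reset_request"),
    ("2024-01-10T13:30:00", "b.billing", "password_recovery_failed"),
    ("2024-01-10T13:31:00", "b.billing", "password_recovery_failed"),
    ("2024-01-10T14:00:00", "c.admin", "password_recovery_failed"),
]

def detect(events, window=WINDOW, min_failed=MIN_FAILED_RECOVERIES):
    """Return one alert per account and burst where a 2FA reset request and
    at least `min_failed` failed password recoveries fall inside `window`."""
    recent = defaultdict(deque)   # account -> events still inside the window
    quiet_until = {}              # account -> time before which alerts are suppressed
    alerts = []
    for ts_text, account, kind in sorted(events):  # ISO timestamps sort by time
        ts = datetime.fromisoformat(ts_text)
        q = recent[account]
        q.append((ts, kind))
        while ts - q[0][0] > window:
            q.popleft()           # drop events older than the window
        failed = sum(1 for _, k in q if k == "password_recovery_failed")
        resets = sum(1 for _, k in q if k == "2fa_reset_request")
        suppressed = quiet_until.get(account, datetime.min) > ts
        if resets and failed >= min_failed and not suppressed:
            alerts.append({"account": account, "at": ts_text,
                           "failed_recoveries": failed,
                           "reset_requests": resets})
            quiet_until[account] = ts + window
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Only `a.nurse` is flagged in the sample data: `b.billing` has both event types, but they are more than three hours apart, and `c.admin` has a single failed recovery with no reset request.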