Cyberattacks on healthcare payment processors are escalating, with multiple reports of victims’ payments being redirected by thieves using employees’ publicly-available Personally Identifiable Information (PII) and social engineering techniques to impersonate victims.
The cybercriminals impersonated victims and obtained access to files, healthcare portals, payment information and websites, according to a statement from the FBI Wednesday (Sept. 14). In one case, the attacker changed victims’ direct deposit information and redirected $3.1 million.
“Cyber criminals are compromising user login credentials of healthcare payment processors and diverting payments to accounts controlled by the cyber criminals,” the FBI stated. “Recent reporting indicates cyber criminals will continue targeting healthcare payment processors through a variety of techniques, such as phishing campaigns and social engineering, to spoof support centers and obtain user access.”
See also: Companies Lean on Biometrics, Machine Learning to Stay ‘One Step Ahead’ of Fraudsters
The most recent attack was in April, when a healthcare company with more than 175 medical providers lost roughly $840,000 across two transactions before the criminal activity was discovered. The funds were diverted when a cyber thief posing as an employee changed the ACH instructions of one of their payment processing vendors.
Additionally, in February 2022, a cybercriminal obtained credentials from a major healthcare company and changed direct deposit banking information from a hospital to a consumer checking account belonging to the cybercriminal, resulting in a $3.1 million loss. In a separate incident, a different thief used the same method to swipe about $700,000.
Read more: DOJ Recovers $500K in Healthcare Ransom Demanded by North Korean Hackers
At least 65 healthcare payment processors were attacked from June 2018 to January 2019 when legitimate customer banking and contact information were replaced with accounts controlled by cybercriminals. One victim reported a loss of approximately $1.5 million, according to the FBI.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More