US healthcare help desks targeted in social engineering attacks

The US healthcare sector continues to face an onslaught of cyber crime, with hackers having been recently observed targeting IT help desks within the industry with social engineering tactics.

Daniel Croft
Mon, 08 Apr 2024

The US Department of Health and Human Services (HHS) issued a warning that the healthcare and public health (HPH) sector was under attack from these new tactics.

The new tactics involve threat actors calling target organisations on the phone using local area codes to disguise themselves, before acting as financial department employees and convincing victims to hand over ID verification details.

Once they have the details, they then convince IT help desk staff to enrol a threat actor-owned device under multifactor authentication (MFA), allowing them to access the organisation’s systems. Reportedly, some threat actors use AI voice-cloning tools to increase the efficacy of their attacks.

Following this, threat actors are able to draw more resources from the systems and use business email compromise attacks to redirect bank transactions.

The Health Sector Cybersecurity Coordination Center (HC3) has said that threat actors have already been observed gaining access to victim systems through the use of this technique.

“After gaining access, the threat actor specifically targeted login information related to payer websites, where they then submitted a form to make ACH changes for payer accounts,” said the HC3.

“Once access has been gained to employee email accounts, they sent instructions to payment processors to divert legitimate payments to attacker-controlled US bank accounts. The funds were then transferred to overseas accounts.

“During the malicious campaign, the threat actor also registered a domain with a single-letter variation of the target organisation and created an account impersonating the target organisation’s chief financial officer (CFO).”

The HC3 said the techniques used in this latest wave are not unlike those used against the hospitality and entertainment industry in September 2023, a campaign that was claimed by the Scattered Spider threat group.

In the case of the previous campaign, the threat actor deployed ALPHV ransomware; however, no ransomware has been deployed in the healthcare attacks. The attacks have also not been attributed to a specific threat actor or group.

“While these recent campaigns in the health sector did not involve ransomware, both of these incidents did leverage spearphishing voice techniques and impersonation of employees with specific access related to the threat actors’ end goals,” added the HC3.
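
The HC3 account above mentions a domain registered with a single-letter variation of the target organisation's name. As an added example (not from HC3 or the original article), the Python sketch below flags sender addresses whose domain is exactly one character edit away from the organisation's own; every domain and address in it is a constructed placeholder.

```python
# Added example: flag sender domains one edit away from the organisation's domain.
# All domains and addresses below are constructed placeholders.

def one_edit_apart(a: str, b: str) -> bool:
    """True if a != b and b is reachable from a by a single-character
    substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # make a the shorter (or equal) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1                           # skip the common prefix
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]    # one substituted character
    return a[i:] == b[i + 1:]            # one extra character in b


def classify_sender(address: str, org_domain: str) -> str:
    """Return 'internal', 'lookalike' or 'external' for a sender address."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    org = org_domain.lower()
    if domain == org or domain.endswith("." + org):
        return "internal"
    if one_edit_apart(domain, org):
        return "lookalike"
    return "external"


def lookalike_senders(addresses, org_domain):
    """Return the addresses whose domain is a single-letter variation."""
    return [a for a in addresses if classify_sender(a, org_domain) == "lookalike"]


# Constructed inbound senders; the real domain is assumed to be
# examplehealth.example for the purposes of this sketch.
SAMPLE = [
    "cfo@examplehealth.example",
    "cfo@examp1ehealth.example",          # substitution: l -> 1
    "cfo@examplehealt.example",           # deletion
    "billing@mail.examplehealth.example", # legitimate subdomain
    "cfo@exammplehealth.example",         # insertion
    "news@unrelated.test",
]

if __name__ == "__main__":
    for hit in lookalike_senders(SAMPLE, "examplehealth.example"):
        print("review:", hit)
```

A check like this fits at the mail gateway or in a periodic review of newly observed sender domains, where a hit on a finance-related display name warrants out-of-band verification before any payment change is actioned.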

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.