According to a September 14 FBI report, cyber criminals are increasingly targeting healthcare payment processors to redirect payments intended for healthcare providers to accounts they control, the American Hospital Association (AHA) September 16 reports.
At least 68 attacks have occurred since June 2018, in which unknown cyber criminals used publicly available personally identifiable information and social engineering techniques to impersonate and access victims accounts, according to the alert. They recommend actions to help network defenders reduce the risk of compromise.
John Riggi, AHA’s national advisor for cybersecurity and risk, explained that this scheme, also known as business email compromise (BEC), presents another risk to the nation’s hospital and health systems.
“Employees should be sensitized to the various types of social engineering BEC techniques, and how publicly available and social media information they post can be used by criminals in this scheme to steal funds,” Riggi said. “To help mitigate this threat, it is recommended that both hospitals and payment processors strictly require verbal authentication from at least two known parties before any payment instructions are changed.”Read More >>