"FBI Warns of Criminals Attacking Healthcare Payment Processors"

Millions of dollars have been stolen from healthcare organizations as a result of fraudsters gaining access to customer accounts and rerouting payments. A new advisory published by the FBI for the healthcare payment industry warns that cybercriminals are impersonating victims and gaining access to files, healthcare portals, payment information, and websites by using a combination of publicly available Personally Identifiable Information (PII) and social engineering techniques. In addition, criminals are diverting payments to bank accounts under their own control using compromised login credentials for healthcare payment processors. According to the FBI, in February 2022, a malicious hacker who gained access to accounts at a major healthcare company changed direct deposit banking information from a hospital to that of the cybercriminal's own checking account, resulting in a $3.1 million loss. In the same month, a different cybercriminal used the same method to steal $700,000. Two months later, a healthcare company with more than 175 medical providers discovered that a cybercriminal posing as an employee had changed payment instructions to direct funds, thus resulting in the theft of $840,000 in two transactions before being discovered. The threat is not new, as the FBI reported that between June 2018 and January 2019, cybercriminals broke into at least 65 healthcare payment processors across the US, replacing legitimate customer banking and contact information with criminal-controlled accounts. This article continues to discuss the FBI's advisory about cybercriminals targeting healthcare payment processors, which is costing victims millions of dollars in losses.

Tripwire reports "FBI Warns of Criminals Attacking Healthcare Payment Processors"