FBI warns healthcare payment services of new method of theft by hackers

The Federal Bureau of Investigation (FBI) has issued a warning about hackers attacking healthcare payment services to channel payments into bank accounts managed by the threat actors, after more than $4.6 million was stolen from healthcare companies this year alone.

According to the FBI, hackers redirected more than $4.6 million to their accounts in three instances between February and April this year, combining various tactics to obtain login credentials from healthcare workers and social engineering to mimic victims with access to health portals, websites, and payment information.

One threat actor stole $3.1 million by using the credentials of a major healthcare company to replace a hospital’s direct deposit banking information with accounts they controlled. Another perpetrator used the same method to steal $700,000 from a victim; and the third posed as an employee and altered ACH instructions to steal $840,000 from more than 175 medical providers.

According to the FBI, the workings of these specific threat actors include sending phishing emails to the financial departments of healthcare payment processors, changing Exchange Server configuration, and setting up custom rules for targeted accounts to obtain a copy of the victim’s messages.

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web