September 16, 2022

The Federal Bureau of Investigation (FBI) has issued a warning about hackers attacking healthcare payment services to channel payments into bank accounts managed by the threat actors, after more than $4.6 million was stolen from healthcare companies this year alone.

According to the FBI, hackers redirected more than $4.6 million to their accounts in three instances between February and April this year, combining various tactics to obtain login credentials from healthcare workers and social engineering to mimic victims with access to health portals, websites, and payment information.

One threat actor stole $3.1 million by using the credentials of a major healthcare company to replace a hospital’s direct deposit banking information with accounts they controlled. Another perpetrator used the same method to steal $700,000 from a victim; and the third posed as an employee and altered ACH instructions to steal $840,000 from more than 175 medical providers.

According to the FBI, the workings of these specific threat actors include sending phishing emails to the financial departments of healthcare payment processors, changing Exchange Server configuration, and setting up custom rules for targeted accounts to obtain a copy of the victim’s messages.

The sources for this piece include an article in BleepingComputer.