The U.S. Department of Health and Human Services (HHS) is sounding the alarm! Hackers are targeting IT help desks in the Healthcare and Public Health (HPH) sector with cunning social engineering tactics.
Here’s how the scam works: Hackers disguise themselves as employees by calling with local area codes and providing stolen ID details (think corporate ID and social security numbers). Pretending their smartphones are broken, they convince help desk staff to enroll a new device – theirs – for multi-factor authentication (MFA). Bingo! With the employee’s MFA now tied to a device they control, they can log in as that employee and steal money through fraudulent bank transfers.
The Health Sector Cybersecurity Coordination Center (HC3) warns that these attackers specifically target login information for websites used to process payments. Once in, they can divert legitimate payments to their own accounts. The scam doesn’t stop there. They may even create fake domains and impersonate high-level staff, like a CFO, to further their schemes.
These tactics are becoming increasingly sophisticated. The report mentions the use of AI voice cloning to impersonate real people, making it even harder to verify identities remotely.
While the specific threat group behind these healthcare attacks remains unidentified, the techniques used are similar to those employed by the notorious Scattered Spider group. This cybercrime gang has a history of targeting various industries, including major tech companies and telecommunications providers.
How to Protect Your Healthcare Organization
HC3 offers several recommendations to help healthcare organizations block these attacks:
- Double-Check: Require callbacks to verify any employee requesting password resets or new MFA devices. Don’t rely solely on the initial call.
- Monitor Payments: Keep a watchful eye for suspicious changes to payment processing systems, particularly those related to ACH transfers.
- Scrutinize User Access: Re-evaluate all users with access to financial portals and consider additional verification steps.
- In-Person for Sensitive Matters: When dealing with sensitive requests, consider requiring in-person verification to add an extra layer of security.
- Management Approval: Implement a system where supervisors must approve requests before changes are made, especially those involving access or financial transactions.
- Train Your Staff: IT help desk staff are on the front line. Equipping them with the knowledge to identify and report social engineering tactics and verify caller identities is crucial.
By following these steps and remaining vigilant, healthcare organizations can significantly reduce the risk of falling victim to these cunning social engineering scams.
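The first two recommendations above (verified callbacks with approval before an MFA device is enrolled, and watching for payment-processing changes) can be turned into a simple detection: correlate help desk MFA enrollments with payment-account changes by the same user shortly afterwards, and flag enrollments whose ticket lacks a recorded callback or supervisor approval. The script below is an added example written for this post, not code from HC3 or from the source article; the event types, field names and sample audit records are constructed for illustration and would need to be mapped onto your own help desk and payment-portal logs.

```python
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample audit events for this example. The event types and
# field names are assumptions, not any real product's log schema.
SAMPLE_EVENTS: List[Dict] = [
    {"ts": "2024-04-01T09:02:00", "type": "helpdesk_mfa_enroll", "user": "jdoe",
     "callback_verified": False, "supervisor_approved": False, "ticket": "HD-1001"},
    {"ts": "2024-04-01T10:15:00", "type": "payment_account_change", "user": "jdoe",
     "portal": "ach-portal"},
    {"ts": "2024-04-01T11:00:00", "type": "helpdesk_mfa_enroll", "user": "asmith",
     "callback_verified": True, "supervisor_approved": True, "ticket": "HD-1002"},
    {"ts": "2024-04-03T14:00:00", "type": "payment_account_change", "user": "asmith",
     "portal": "ach-portal"},
    {"ts": "2024-04-02T08:00:00", "type": "helpdesk_mfa_enroll", "user": "bwong",
     "callback_verified": True, "supervisor_approved": False, "ticket": "HD-1003"},
]


def parse_ts(value: str) -> datetime:
    """Timestamps in the sample are ISO 8601 without a timezone."""
    return datetime.fromisoformat(value)


def unverified_enrollments(events: List[Dict]) -> List[Dict]:
    """Help desk MFA enrollments that skipped the callback or the supervisor approval."""
    findings = []
    for e in events:
        if e["type"] != "helpdesk_mfa_enroll":
            continue
        missing = []
        if not e.get("callback_verified"):
            missing.append("callback")
        if not e.get("supervisor_approved"):
            missing.append("supervisor_approval")
        if missing:
            findings.append({"user": e["user"], "ticket": e["ticket"], "missing": missing})
    return findings


def enrollment_followed_by_payment_change(events: List[Dict], window_hours: int = 24) -> List[Dict]:
    """Pair each MFA enrollment with a payment-account change by the same user within the window."""
    enrollments = [e for e in events if e["type"] == "helpdesk_mfa_enroll"]
    changes = [e for e in events if e["type"] == "payment_account_change"]
    window = timedelta(hours=window_hours)
    hits = []
    for en in enrollments:
        t0 = parse_ts(en["ts"])
        for ch in changes:
            if ch["user"] != en["user"]:
                continue
            t1 = parse_ts(ch["ts"])
            if t0 <= t1 <= t0 + window:
                hits.append({"user": en["user"], "enrolled": en["ts"],
                             "changed": ch["ts"], "portal": ch["portal"]})
    return hits


def triage(events: List[Dict], window_hours: int = 24) -> Dict[str, str]:
    """Rank users for review.

    HIGH   - enrollment without full verification AND a payment change soon after
    MEDIUM - enrollment without full verification, no payment change seen yet
    LOW    - fully verified enrollment but a payment change soon after (worth a look)
    """
    severity: Dict[str, str] = {}
    for f in unverified_enrollments(events):
        severity[f["user"]] = "MEDIUM"
    for h in enrollment_followed_by_payment_change(events, window_hours):
        severity[h["user"]] = "HIGH" if h["user"] in severity else "LOW"
    return severity


if __name__ == "__main__":
    for user, level in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{level:6s} {user}")
```

In the constructed sample, jdoe is enrolled without a callback or approval and changes an ACH payment account an hour later (HIGH), bwong is missing only the supervisor sign-off (MEDIUM), and asmith is fully verified with a payment change two days later, outside the window, so nothing is raised. The window and the severity ladder are tuning knobs; the point is that the help desk ticket must record the callback and approval as structured fields, otherwise there is nothing to correlate against.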
Are you in need of reliable cybersecurity for your business? Get in touch with us to book a consultation for a tailored solution for your business.
Source: BleepingComputer