FBI: Cybercriminals are targeting healthcare payment processors

The FBI warned this week that cybercriminals are using publicly available information and social engineering to target healthcare payment processors and redirect payments. 

The agency recounted a series of attacks in a Private Industry Notification Wednesday. 

In one example from February, cybercriminals “obtained credentials from a major healthcare company,” then replaced the direct deposit information for a hospital with a checking account they had access to — stealing $3.1 million. 

In another incident in April, a healthcare company discovered a cybercriminal posing as an employee had changed payment instructions to divert a vendor payment to themselves, the FBI wrote. “The cyber criminal successfully diverted approximately $840,000 dollars over two transactions prior to the discovery,“ the agency added. 

But these incidents are part of a larger trend. 

“From June 2018 to January 2019, cyber criminals targeted and accessed at least 65 healthcare payment processors throughout the United States to replace legitimate customer banking and contact information with accounts controlled by the cyber criminals,” according to the FBI. 

The agency shared general security advice as well as indicators of potential compromise, including: 

Phishing emails, specifically targeting financial departments of healthcare payment processors.  

Suspected social engineering attempts to obtain access to internal files and payment portals.  Unwarranted changes in email exchange server configuration and custom rules for specific accounts.  

Requests for employees to reset both passwords and 2FA phone numbers within a short timeframe. 

Employees reporting they are locked out of payment processor accounts due to failed password recovery attempt.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Andrea Peterson

Andrea Peterson

(they/them) is a longtime cybersecurity journalist who cut their teeth covering technology policy at ThinkProgress (RIP) and The Washington Post before doing deep-dive public records investigations at the Project on Government Oversight and American Oversight.