FBI Warns Healthcare Payment Services of new Method of Theft by Hackers

Share post:

The Federal Bureau of Investigation (FBI) has issued a warning about hackers attacking healthcare payment services to channel payments into bank accounts managed by the threat actors, after more than $4.6 million was stolen from healthcare companies this year alone.

According to the FBI, hackers redirected more than $4.6 million to their accounts in three instances between February and April this year, combining various tactics to obtain login credentials from healthcare workers and social engineering to mimic victims with access to health portals, websites, and payment information.

One threat actor stole $3.1 million by using the credentials of a major healthcare company to replace a hospital’s direct deposit banking information with accounts they controlled. Another perpetrator used the same method to steal $700,000 from a victim; and the third posed as an employee and altered ACH instructions to steal $840,000 from more than 175 medical providers.

According to the FBI, the workings of these specific threat actors include sending phishing emails to the financial departments of healthcare payment processors, changing Exchange Server configuration, and setting up custom rules for targeted accounts to obtain a copy of the victim’s messages.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs


Related articles

Cyber Security Today, April 24, 2024 – Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more

This episode reports on the danger of using expired open-source packages, a tool used by a Russian hacking group and passw

Google Play introduces new biometric verification with a user warning

Google has recently announced updates to the biometric verification process for Google Play purchases, aiming to bolster security...

Cyber Security Today, Week in Review for week ending Friday April 19, 2024

On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT d

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways