The FBI has received multiple reports of cyber criminals increasingly targeting healthcare payment processors to redirect victim payments. In each of these reports, unknown cyber criminals used employees’ publicly available Personally Identifiable Information (PII) and social engineering techniques to impersonate victims and obtain access to files, healthcare portals, payment information, and websites. In one case, the attacker changed victims’ direct deposit information to a bank account controlled by the attacker, redirecting $3.1 million from victims’ payments. Cyber criminals are compromising user login credentials of healthcare payment processors and diverting payments to accounts controlled by the cyber criminals. Recent reporting indicates cyber criminals will continue targeting healthcare payment processors through a variety of techniques, such as phishing campaigns and social engineering, to spoof support centers and obtain user access.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security