Threat Watch

Cyber Criminals Targeting Healthcare Payment Processors, Costing Victims Millions in Losses

The FBI has received multiple reports of cyber criminals increasingly targeting healthcare payment processors to redirect victim payments. In each of these reports, unknown cyber criminals used employees’ publicly available Personally Identifiable Information (PII) and social engineering techniques to impersonate victims and obtain access to files, healthcare portals, payment information, and websites. In one case, the attacker changed victims’ direct deposit information to a bank account controlled by the attacker, redirecting $3.1 million from victims’ payments. Cyber criminals are compromising user login credentials of healthcare payment processors and diverting payments to accounts controlled by the cyber criminals. Recent reporting indicates cyber criminals will continue targeting healthcare payment processors through a variety of techniques, such as phishing campaigns and social engineering, to spoof support centers and obtain user access.


The FBI recommends network defenders apply the following mitigations to reduce the risk of compromise from cyber threats.

• Ensure anti-virus and anti-malware software is enabled and security protocols are updated regularly and in a timely manner.
• Conduct regular network security assessments.
• Implement training for employees on how to identify and report phishing attempts.
• Use multi-factor authentication for all accounts and login credentials to the extent possible.
• Update or draft an incident response plan.
• Mitigate vulnerabilities related to third-party vendors.
• Create protocols for employees to report suspicious emails, changes to email exchange server configurations, and denied password recovery attempts.