HIPAA Journal June 26, 2024
Steve Alder

A joint cybersecurity advisory has been issued by the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) about an ongoing social engineering campaign targeting the healthcare and public health (HPH) sector. The campaign has been running since August 2023 and seeks access to email account credentials to divert automated clearinghouse (ACH) payments to U.S. bank accounts under the threat actor’s control.

The threat actor targets email accounts and once access has been gained, pivots to targeting login credentials that allow them to make changes to accounts involved in reimbursement payments to insurance companies, Medicare, and other entities. Two methods have been identified for initial access to email accounts. Phishing emails are sent that direct...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health IT, Health System / Hospital, HHS, Provider, Technology
Related Articles:
Hackers targeting healthcare in order to divert payments
Why the AHA, MGMA oppose information-blocking penalties
HHS warns of ransomware group targeting healthcare
HHS Finalizes Information Blocking Disincentives
HHS adds info blocking penalties for hospitals

Share This Article