Hospital helpdesks targeted by hackers — US Health Department warns health services are under threat

Celebrity Gig

The US Department of Health and Human Services (HHS) has issued a warning that hackers are attempting to target the helpdesks of hospitals in order to gain access to critical hospital systems.

The hackers have been observed contacting hospital IT help desks using local area code phone numbers and then pretending to be a hospital employee, providing the helpdesk with stolen identification.

The hackers then request that their device be set up to use the employee’s multi-factor authentication. Once they have access to the hospital’s internal systems, they are free to steal data and re-route transactions into their own bank accounts.

READ ALSO:  Warren Buffett says he asked ChatGPT to write a song in Spanish

Hospital data and finances a honeypot for hackers

The Health Sector Cybersecurity Coordination Center (HC3) issued a warning for hospitals to be vigilant in the face of hackers using elaborate social engineering campaigns to gain access to hospital systems. The HC3 stated that the hackers “specifically targeted login information related to payer websites, where they then submitted a form to make ACH changes for payer accounts” in order to steal money.

“Once access has been gained to employee email accounts, they sent instructions to payment processors to divert legitimate payments to attacker-controlled U.S. bank accounts,” HC3 continued. “The funds were then transferred to overseas accounts. During the malicious campaign, the threat actor also registered a domain with a single letter variation of the target organization and created an account impersonating the target organization’s Chief Financial Officer (CFO).

READ ALSO:  Rita Edochie speaks on Apostle Suleman's threat to send Happie Boyz back to Nigeria

While no threat actor has been formally identified as responsible for these attacks, HC3 issued a number of guidance points to IT help desks in order to avoid succumbing to such an attack: (PDF)

  • Require callbacks for employees requesting new device MFA enrollment or password resets using the number on file for the employee
  • Monitor ACH changes for suspicious activity and frequently revalidate users who have access to payer websites
  • Employees requesting MFA device enrollment, password resets, or ACH changes should report in person to the IT helpdesk
  • Where this is not possible, contact the employee supervisor for verification
  • Train helpdesk employees to identify social engineering techniques and spearphishing attempts
READ ALSO:  Importers return to parallel market as naira rebounds

Via BleepingComputer

More from TechRadar Pro

Categories

Share This Article
Leave a comment