Hospital helpdesks targeted by hackers — US Health Department warns health services are under threat
Elaborate social engineering techniques used to trick IT helpdesks
The US Department of Health and Human Services (HHS) has issued a warning that hackers are attempting to target the helpdesks of hospitals in order to gain access to critical hospital systems.
The hackers have been observed contacting hospital IT help desks using local area code phone numbers and then pretending to be a hospital employee, providing the helpdesk with stolen identification.
The hackers then request that their device be set up to use the employee’s multi-factor authentication. Once they have access to the hospital's internal systems, they are free to steal data and re-route transactions into their own bank accounts.
Hospital data and finances a honeypot for hackers
The Health Sector Cybersecurity Coordination Center (HC3) issued a warning for hospitals to be vigilant in the face of hackers using elaborate social engineering campaigns to gain access to hospital systems. The HC3 stated that the hackers “specifically targeted login information related to payer websites, where they then submitted a form to make ACH changes for payer accounts” in order to steal money.
“Once access has been gained to employee email accounts, they sent instructions to payment processors to divert legitimate payments to attacker-controlled U.S. bank accounts,” HC3 continued. "The funds were then transferred to overseas accounts. During the malicious campaign, the threat actor also registered a domain with a single letter variation of the target organization and created an account impersonating the target organization’s Chief Financial Officer (CFO).
While no threat actor has been formally identified as responsible for these attacks, HC3 issued a number of guidance points to IT help desks in order to avoid succumbing to such an attack: (PDF)
- Require callbacks for employees requesting new device MFA enrollment or password resets using the number on file for the employee
- Monitor ACH changes for suspicious activity and frequently revalidate users who have access to payer websites
- Employees requesting MFA device enrollment, password resets, or ACH changes should report in person to the IT helpdesk
- Where this is not possible, contact the employee supervisor for verification
- Train helpdesk employees to identify social engineering techniques and spearphishing attempts
Via BleepingComputer
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
More from TechRadar Pro
- Here is our guide to the best identity theft protection
- Critical milestone: how new SEC rules affect business cybersecurity
- These are the best firewalls around
Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.