Healthcare no longer off limits
Cybercriminal groups have now completely abandoned any pretense that theirs are basically victimless crimes by attacking the healthcare sector with increasing ruthlessness. Healthcare, once said to be off limits to ‘responsible’ cyber criminals, is now the subject of an urgent warning from the Cybersecurity Coordination Center (HC3) of the US Department of Health and Human Services.
“HC3 has recently observed threat actors employing advanced social engineering tactics to target IT help desks in the health sector and gain initial access to target organizations,” the warning states.
Threat actors’ tactics of deception
Tactics include contacting an organization’s IT help desk with phone calls from a familiar area code and claiming to be an employee in a financial role. The threat actor is frequently able to provide the required sensitive information for identity verification, including the last four digits of the target employee’s social security number and corporate ID number, along with other demographic details. These details can all too often be obtained from professional networking sites and other publicly available information sources, such as previous data breaches.
Another attack vector highlighted by HC3 is for the threat actor to register a domain name with a single-letter variation of that of the target organization and then create an account impersonating the target organization’s Chief Financial Officer (CFO).
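The single-letter domain variation described above can be checked mechanically against inbound sender addresses. The following Python is an added example, not from HC3 or the original article; the organization domain `northfieldhealth.example` and every sender address in it are constructed for illustration.

```python
# Added example: flag sender domains that are a one-character variation of
# the organization's own domain. All domains and addresses are constructed.

def within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by exactly one substitution, insertion,
    deletion or adjacent transposition (identical strings return False)."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = 0  # length of the common prefix
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        if a[i + 1:] == b[i + 1:]:          # one character substituted
            return True
        return (i + 1 < len(a) and a[i] == b[i + 1] and a[i + 1] == b[i]
                and a[i + 2:] == b[i + 2:])  # two adjacent characters swapped
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    return longer[i + 1:] == shorter[i:]     # one character added or dropped

def sender_domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")

def classify(address: str, org_domain: str) -> str:
    """Return 'internal', 'lookalike' or 'external' for a sender address."""
    dom, org = sender_domain(address), org_domain.lower()
    if dom == org or dom.endswith("." + org):
        return "internal"
    # Compare only as many trailing labels as the org domain has, so that
    # a subdomain of a lookalike (mail.<lookalike>) is still caught.
    n = org.count(".") + 1
    tail = ".".join(dom.split(".")[-n:])
    return "lookalike" if within_one_edit(tail, org) else "external"

def lookalike_senders(addresses, org_domain):
    return [a for a in addresses if classify(a, org_domain) == "lookalike"]

ORG_DOMAIN = "northfieldhealth.example"          # constructed
SAMPLE_SENDERS = [                               # constructed
    "cfo@northfieldhealth.example",              # genuine
    "cfo@northfie1dhealth.example",              # l -> 1 substitution
    "cfo@northfieldhealt.example",               # dropped letter
    "cfo@mail.nortfhieldhealth.example",         # swapped letters, subdomain
    "billing@partnerclinic.example",             # unrelated external sender
]

if __name__ == "__main__":
    for addr in SAMPLE_SENDERS:
        print(f"{classify(addr, ORG_DOMAIN):10} {addr}")
```

A hit is a reason for the help desk to verify the request out of band, not proof of fraud by itself.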
US healthcare companies hit with double-whammy ransom demand
An online post targeting a US healthcare provider with a double whammy also appeared this week. The post targets Change Healthcare and United Health, which the post alleges have already paid a $22 million ransom to safeguard 4TB of their sensitive data and patient records. But, according to the post, ALPHV stole the payment, and another threat actor, RansomHub, is now claiming to have possession of the 4TB of data and is threatening to release it to the highest bidder if a further ransom is not paid.
Once anxious to be seen as the Robin Hoods of the cyber world, or at least as criminals with consciences, cybercriminal groups are now increasingly using any methods, fair or foul, to get rich at the expense of the sick and vulnerable.
The government warning and criminal post come in the wake of a report last autumn that text-based email attacks on the healthcare sector rose almost threefold last year. The report from cybersecurity firm Abnormal Security added that the healthcare industry also saw an overall 167% increase in advanced email attacks in 2023, including credential phishing, malware, business email compromise (BEC), and extortion.