HC3 Warns Health Sector About Social Engineering Attacks Against IT Help Desks
Thursday, April 11, 2024
Social Engineering Health Sector Cyber Attacks
Print Mail Download i

The Health Sector Cybersecurity Coordination Center (HC3) recently issued an Alert warning that “threat actors employing advanced social engineering tactics to target IT help desks in the health sector and gain initial access to target organizations” has been on the rise.

The social engineering scheme starts with a telephone call to the IT help desk from “an area code local to the target organization, claiming to be an employee in a financial role (specifically in revenue cycle or administrator roles). The threat actor is able to provide the required sensitive information for identity verification, including the last four digits of the target employee’s social security number (SSN) and corporate ID number, along with other demographic details. These details were likely obtained from professional networking sites and other publicly available information sources, such as previous data breaches. The threat actor claimed that their phone was broken, and therefore could not log in or receive MFA tokens. The threat actor then successfully convinced the IT help desk to enroll a new device in multi-factor authentication (MFA) to gain access to corporate resources.”

After the threat actor gains access, login information related to payer websites is targeted, and they submit a form to make ACH changes for payer accounts. “Once access has been gained to employee email accounts, they sent instructions to payment processors to divert legitimate payments to attacker-controlled U.S. bank accounts. The funds were then transferred to overseas accounts. During the malicious campaign, the threat actor also registered a domain with a single letter variation of the target organization and created an account impersonating the target organization’s Chief Financial Officer (CFO).”

The threat actors are leveraging spearphishing voice techniques and impersonating employees, also known as “vishing.” IC3 noted that “threat actors may also attempt to leverage AI voice impersonation techniques to social engineer targets, making remote identity verification increasingly difficult with these technological advancements. A recent global study found that out of 7,000 people surveyed, one in four said that they had experienced an AI voice cloning scam or knew someone who had.”

IC3 provides numerous mitigations to assist with prevention of these vishing schemes, which are outlined in the Alert.

Copyright © 2024 Robinson & Cole LLP. All rights reserved.

Current Legal Analysis

More from Robinson & Cole LLP

Key Second Circuit Decision Defines AKS Willfulness Standard
by: Conor O. Duffy , Leslie J. Levinson
Department of Justice Criminal Division Announces Voluntary Self-Disclosure Pilot Program for Culpable Individuals
by: David E. Carney , Danielle H. Tangorre
FTC Votes to Finalize Rule Banning Non-Compete Agreements Nationwide
by: Ian T. Clarke-Fisher , Trevor L. Bradley
Cisco Releases Updates to Vulnerabilities in Firewall Platforms
by: Linn F. Freedman
USPTO Issues Guidance on Use of AI Based Tools
by: Daniel J. Lass
California Trap & Trace Class Actions on the Rise in the Age of Website Trackers
by: Kathryn M. Rattigan
Aid Package Signed by President Biden Includes Divestiture of TikTok Requirement
by: Linn F. Freedman
Privacy Tip #395 – GM Faces Class Action for Collecting + Disclosing Drivers’ Data Without Consent
by: Linn F. Freedman
AI, Government Contractors, and Employment Discrimination
by: Data Privacy & Cybersecurity Robinson Cole
Chicago’s Application of Parking Regulations Violates RLUIPA
by: Eden (Hunter) Yerby

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins