In recent times, the FBI and Department of Health and Human Services have issued a warning about cyberthreat actors targeting health care organizations to steal payments. These attackers have been using phishing tactics to gain access to employees’ email accounts and then targeting login information related to payment processing for insurance companies, Medicare, and similar entities. In some cases, threat actors have even posed as employees to trigger password resets for accounts.
The American Hospital Association (AHA) first became aware of this scheme in January, with HHS issuing a similar advisory in April. John Riggi, AHA national advisor for cybersecurity and risk, emphasized the ongoing seriousness of this social engineering scheme. He recommended that health care organizations implement mitigation efforts to protect themselves, such as conducting social engineering tests on help desk functions and requiring multi-person authentication for any changes to payment instructions.
As the Fourth of July holiday approaches, Riggi also highlighted the importance of maintaining vigilance against cyber threats. Cyber adversaries often target health care organizations during holidays, so staying aware and promoting cyber awareness among staff is crucial for staying safe. For more information on cybersecurity and risk issues, contact John Riggi at jriggi@aha.org or visit www.aha.org/cybersecurity for the latest threat information and resources.
