FBI, HHS issue advisory on cyberthreat actors targeting health care to divert payments

Jun 25, 2024 - 04:12 PM
cybersecurity-hand-lock-graphic_900x400

The FBI and Department of Health and Human Services June 24 released an advisory about cyberthreat actors targeting health care organizations in attempts to steal payments. The agencies have recommended mitigation efforts to help reduce the likelihood of being impacted. Threat actors have been found to use phishing efforts to gain access to employees' email accounts, and then pivoting to target login information related to the processing of reimbursement payments to insurance companies, Medicare or similar entities, the agencies wrote. In some instances, threat actors would call an organization's information technology help desk posing as an employee of the organization to trigger a password reset for the employee's account. 
 
The AHA was initially made aware of this type of scheme in January, and HHS issued an advisory on similar threats in April

"The alert validates the ongoing and serious nature of this social engineering scheme as the AHA continues to receive similar reports from the field in regard to IT and human resources help desk social engineering schemes,” said John Riggi, AHA national advisor for cybersecurity and risk. “Bad actors use stolen employee personally identifiable information for password resets and enrolling new mobile devices to receive multi-factor authentication codes. In addition to the recommended mitigations, health care organizations may want to consider conducting social engineering tests of all help desk functions and instituting multi-person authentication for any change to organizational level payment instructions. Payers should also be made aware of this requirement as well. On a separate but important note, a reminder that as we approach the Fourth of July holiday, cyber adversaries have demonstrated a pattern of increased technical and social engineering targeting of health care during the holidays. Maintaining vigilance and staff cyber awareness is critical as we enjoy a safe holiday. "  
 
For more information on this or other cyber and risk issues contact Riggi at jriggi@aha.org. For the latest cyber and risk threat information and resources visit www.aha.org/cybersecurity

Related News Articles

Headline
AHA blog: 2025 Cybersecurity Year in Review, Part One — Breaches and Defensive Measures
In part one of a new blog, John Riggi, AHA national advisor for cybersecurity and risk, and Scott Gee, AHA deputy national advisor for cybersecurity and risk,…
Perspective
Protecting Patients and Hospitals from Cyberattacks
Public
This week, the FBI issued an urgent warning to all users — including hospitals — of a critical security soft spot within Oracle’s E-Business Suite, stating “…
Headline
HSCC launches toolkit to strengthen essential health care services and prevent cyberattacks
The Health Sector Coordinating Council Oct. 7 released its Sector Mapping and Risk Toolkit, created to help health care providers and other organizations…
AHA Cyber Intel
2025 Cybersecurity Year in Review, Part One: Breaches and Defensive Measures
As of Oct. 3, 2025, 364 hacking incidents had been reported to the U.S. Department of Health and Human Services Office for Civil Rights, affecting over 33…
Headline
Urgent action recommended on critical Oracle vulnerability
The AHA Oct. 6 released a Cybersecurity Advisory urging immediate action against a critical Oracle E-Business Suite vulnerability that is remotely exploitable…
Headline
AHA launches revamped Cybersecurity and Risk Advisory webpage
The AHA has launched an enhanced Cybersecurity and Risk webpage designed to help health care organizations strengthen their defenses against emerging cyber and…