The American Hospital Association (AHA) has issued a warning about social engineering scams targeting hospital IT help desks. Threat actors are using stolen credentials from billing and payments employees to commit payment fraud. The scams involve foreign-based actors calling IT help desks and using stolen personal information to answer security questions. The fraudsters then request a password reset and enroll a new device to receive authentication codes, effectively bypassing multifactor authentication. The compromised employee's email account is then used to change payment instructions and divert funds to fraudulent bank accounts. The AHA recommends immediately notifying financial institutions and reporting incidents to the FBI. It also suggests implementing strict IT help desk security protocols, such as requiring a call back to the employee's registered number before any password reset or device enrollment.
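The sequence the AHA describes (help-desk password reset, new MFA device enrolled, payment instructions changed) is detectable when help-desk ticket data and identity-provider logs are correlated. The following is an added example, not code from the AHA or H-ISAC, that flags that chain for one user inside a time window and records whether the reset used the recommended callback or supervisor validation; the event field names and sample events are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (help-desk tickets plus identity-provider log); illustrative only.
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T09:02:00", "user": "a.jones", "type": "helpdesk_password_reset", "verified_by": "security_questions"},
    {"ts": "2024-03-01T09:10:00", "user": "a.jones", "type": "mfa_device_enrolled", "verified_by": None},
    {"ts": "2024-03-01T11:30:00", "user": "a.jones", "type": "payment_instructions_changed", "verified_by": None},
    {"ts": "2024-03-01T10:00:00", "user": "b.smith", "type": "helpdesk_password_reset", "verified_by": "callback_registered_number"},
    {"ts": "2024-03-04T10:05:00", "user": "b.smith", "type": "mfa_device_enrolled", "verified_by": None},
    {"ts": "2024-03-02T14:00:00", "user": "c.lee", "type": "helpdesk_password_reset", "verified_by": "callback_registered_number"},
    {"ts": "2024-03-02T14:45:00", "user": "c.lee", "type": "mfa_device_enrolled", "verified_by": None},
]

# The sequence described in the AHA warning: help-desk reset, new MFA device,
# then changed payment instructions from the taken-over account.
CHAIN = ("helpdesk_password_reset", "mfa_device_enrolled", "payment_instructions_changed")
# Verification methods the article recommends for resets and device enrollments.
STRONG_VERIFICATION = {"callback_registered_number", "supervisor_validation"}

def detect_helpdesk_reset_chains(events, window_hours=24):
    """One alert per help-desk reset followed, within window_hours, by at least a new
    MFA device for the same user; records chain progress and reset verification strength."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append({**e, "ts": datetime.fromisoformat(e["ts"])})
    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for i, reset in enumerate(evs):
            if reset["type"] != CHAIN[0]:
                continue
            deadline = reset["ts"] + timedelta(hours=window_hours)
            stage = 1  # number of CHAIN steps observed so far, in order
            for later in evs[i + 1:]:
                if later["ts"] > deadline:
                    break
                if stage < len(CHAIN) and later["type"] == CHAIN[stage]:
                    stage += 1
            if stage >= 2:
                strong = reset["verified_by"] in STRONG_VERIFICATION
                alerts.append({
                    "user": user,
                    "stages_matched": stage,
                    "strong_verification": strong,
                    # Full chain, or a reset verified only by security questions, is high priority.
                    "severity": "high" if stage == len(CHAIN) or not strong else "medium",
                })
    return alerts
```

A reset verified by callback that is followed by a device enrollment still produces a medium alert, so the help desk's own verification record is reviewed rather than trusted blindly.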
According to John Riggi, national adviser for cybersecurity and risk at the AHA, dozens of hospitals have been targeted in recent attacks. The Health Information Sharing and Analysis Center (H-ISAC) has been aware of similar social engineering schemes targeting the health sector since mid-2022. Errol Weiss, chief security officer at H-ISAC, notes that these scams have been happening in other industries for even longer. He recommends implementing additional checks, such as having an employee's supervisor validate requests or using technology like voice recognition for verification.
AI-fueled attacks, including deepfakes, may further complicate efforts to detect and prevent social engineering schemes. IT help desks are being tricked by threat actors into resetting multifactor authentication credentials and providing authorization codes. Enhancements such as supervisor validation or voice recognition technology can help mitigate the risk.