The U.S. Department of Health and Human Services, in collaboration with the Healthcare Industry Cybersecurity Coordination Center, published an industry alert advising on mitigation measures to combat phishing scams. voice phishing aimed at stealing electronic money transfers.
WHY IS IT IMPORTANT?
HC3 said in its April 3 alert that user awareness training and strengthening security policies and procedures to improve identity verification by helpdesk requests could helps combat tactics that manipulate IT staff into providing access to systems through phone calls or other forms of voice communication.
HC3 said it recently investigated two successful voice phishing scams that resulted in legitimate payments being redirected to US bank accounts controlled by the attackers.
“The threat actor could provide sensitive information needed to verify identity, including the last four digits of the employee’s Social Security number and company ID number,” the agency said in the report. target, along with other demographic details.”
“These details can be obtained from professional websites and other public sources of information, such as previous data breaches.”
During one attack, HC3 said the threat actor said their phone was broken so they couldn’t log in or receive multi-factor authentication (MFA) tokens. They convince the organization’s IT helpdesk to enroll a new device in MFA and gain access to the network, targeting login information related to payer sites.
HC3 said that by posing as a trusted source and creating a sense of urgency, the threat actor gained access to the payment system and submitted a request to change the automatic clearinghouse. dynamic.
The agency has defined several help desk policies, including requiring callbacks to phone numbers on file for employees requesting password resets and new device registrations, contacting supervisors staff supervision to verify demand, track suspicious ACH changes, and re-authenticate all users. with access to payer sites.
“Some hospitals have implemented procedures requiring staff to be physically present at the IT helpdesk when such a request arises,” HC3 noted.
The agency also outlined various MFA abuse mitigation measures for users of Entra ID, formerly Microsoft Azure Active Directory.
THE TREND IS GREATER
In some cases, spear-phishing attacks aim to drop ransomware to sabotage hospitals and force an organization to pay a large ransom. That was the case when OrthoVirginia, a physician-owned clinic, was attacked by Ryuk ransomware in 2021.
According to HC3, phishing, the most common exploit for gaining an initial foothold in an organization’s network, can also be addressed in regular security awareness training.
“It is important to train your workforce not to trust anything and anyone when it comes to communications,” advised Steve Cagle, CEO of Clearwater Security and Compliance, OrthoVirginia. they receive, which now includes voicemail, text messages and phone calls.” in its ransomware recovery journey.
“They need to learn to operate with skepticism, suspecting anything they cannot verify as legitimate, including QR codes,” Cagle said. Healthcare IT news last year.
With artificial intelligence, cybercriminals have even more weapons to increase the sophistication of these attacks.
ON PROFILE
“It is important to note that threat actors may also attempt to leverage AI voice impersonation techniques for spear phishing targets, making remote identity verification increasingly difficult with these technological advances,” HC3 noted in the warning.
Andrea Fox is a senior editor at Healthcare IT News.
Email: [email protected]
Healthcare IT News is a publication of HIMSS Media.
