Access to employees’ email accounts, and then pivoted to specifically target login information related to the processing of reimbursement payments to insurance companies, medicare, or similar entities.
To gain initial access to victim networks, the threat actor acquired credentials through social engineering or phishing. In some observed instances, the threat actor called an organization’s IT Help Desk posing as an employee of the organization, and triggered a password reset for the targeted employee’s organizational account [T1566.004]. In some instances, by manipulating the IT Help Desk employees, the threat actor was able to bypass multifactor authentication (MFA) [T1556.006]. In another instance, the threat actors registered a phishing domain [T1556.001] that varied by one character from the target organization’s true domain, and targeted the organization’s Chief Financial Officer (CFO) [TA1656].
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- UnitedHealth hid its Change Healthcare data breach notice for months
January 15, 2025
Change Healthcare, the UnitedHealth-owned health tech company that lost more than 100 million people’s sensitive health data in a ransomware attack last year, said on Tuesday that the company has “substantially” completed notifying affected individuals about the massive data breach. The February 2024 ransomware attack on Change Healthcare, one of the biggest processors of patient billing ...
- EU lines up intel-sharing, cyber squads to stop hospital hacks
January 15, 2025
The European Union is ramping up support, an early-warning system and rapid response teams to help its hospitals fight off cyberattacks from hacker groups, it said Wednesday. The plan proposes setting up a European Cybersecurity Support Center for hospitals and the health care sector at the EU’s cybersecurity agency ENISA. That support center will provide tools ...
- Ransomware attack on health giant Ascension hits 5.6 million patients
December 20, 2024
A May ransomware attack on Ascension, a U.S. healthcare giant with more than 140 hospitals and dozens of senior living facilities, allowed hackers to steal personal and sensitive health information on 5.6 million patients, according to a new filing with Maine’s attorney general. The cyberattack caused widespread disruption across its hospital system, with some staff describing ...
- How the ransomware attack at Change Healthcare went down – a timeline
December 18, 2024
A ransomware attack earlier this year on UnitedHealth-owned health tech company Change Healthcare likely stands as one of the largest data breaches of U.S. health and medical data in history. Months after the February data breach, a “substantial proportion of people living in America” are receiving notice by mail that their personal and health information was ...
- UK: Ransomware hackers target NHS hospitals with new cyberattacks
December 4, 2024
Ransomware hackers have continued an assault on National Health Service trusts across the United Kingdom by compromising multiple hospitals, exposing sensitive patient data and disrupting emergency services. Inc Ransom, a prolific Russia-linked ransomware group that claimed responsibility for an attack on NHS Scotland earlier this year, now claims to have breached the Alder Hey Children’s Hospital ...
- Medical testing company LifeLabs failed to protect customer data, report finds
November 27, 2024
In 2019, a ransomware attack hit LifeLabs, a Canadian medical testing company. The ransomware encrypted the lab results of 15 million Canadians, and personally identifiable information (PII) of 8.6 million people was stolen. After noticing the attack, LifeLabs informed its customers and the Canadian privacy regulators, which immediately announced an investigation. The privacy commissioners of both ...