Social Engineering Tactics Targeting Healthcare & Public Health Entities and Providers


Access to employees’ email accounts, and then pivoted to specifically target login information related to the processing of reimbursement payments to insurance companies, Medicare, or similar entities.

To gain initial access to victim networks, the threat actor acquired credentials through social engineering or phishing. In some observed instances, the threat actor called an organization’s IT Help Desk posing as an employee of the organization and triggered a password reset for the targeted employee’s organizational account [T1566.004]. In some instances, by manipulating the IT Help Desk employees, the threat actor was able to bypass multifactor authentication (MFA) [T1556.006]. In another instance, the threat actors registered a phishing domain [T1556.001] that varied by one character from the target organization’s true domain and targeted the organization’s Chief Financial Officer (CFO) [TA1656].

Source: U.S. Federal Bureau of Investigation Cyber Division
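
The one-character lookalike domain described above can be screened for in inbound mail logs. The following is an added example, not part of the FBI notice: it flags sender domains exactly one edit away from a trusted domain, and goes slightly beyond the text by also counting a swap of two adjacent characters as one edit. All domains and addresses are constructed placeholders.

```python
# Constructed sample data; examplehealth.test is an assumed organization domain.
TRUSTED = ["examplehealth.test"]
SENDERS = [
    "cfo@examplehealth.test",        # legitimate sender
    "helpdesk@examplehea1th.test",   # substitution: l -> 1
    "billing@exampleheatlh.test",    # two adjacent characters swapped
    "ap@examplehealthh.test",        # one character inserted
    "news@unrelated.test",           # unrelated domain
]

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute,
    or swap of two adjacent characters each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def sender_domain(address: str) -> str:
    """Lower-cased domain part of an address, without a trailing dot."""
    return address.rsplit("@", 1)[-1].strip().rstrip(".").lower()

def find_lookalikes(senders, trusted_domains):
    """Return (sender, trusted_domain) pairs whose domain is not trusted
    but is exactly one edit away from a trusted domain."""
    trusted = {d.lower() for d in trusted_domains}
    hits = []
    for sender in senders:
        dom = sender_domain(sender)
        if dom in trusted:
            continue
        for t in sorted(trusted):
            if abs(len(dom) - len(t)) <= 1 and osa_distance(dom, t) == 1:
                hits.append((sender, t))
    return hits

if __name__ == "__main__":
    for sender, target in find_lookalikes(SENDERS, TRUSTED):
        print(f"lookalike of {target}: {sender}")
```

A hit is a prompt for review rather than proof of phishing, since unrelated legitimate domains can also sit one edit apart.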

