Social Engineering Tactics Targeting Healthcare & Public Health Entities and Providers


Access to employees’ email accounts, and then pivoted to specifically target login information related to the processing of reimbursement payments to insurance companies, Medicare, or similar entities.

To gain initial access to victim networks, the threat actor acquired credentials through social engineering or phishing. In some observed instances, the threat actor called an organization’s IT Help Desk posing as an employee of the organization, and triggered a password reset for the targeted employee’s organizational account [T1566.004]. In some instances, by manipulating the IT Help Desk employees, the threat actor was able to bypass multifactor authentication (MFA) [T1556.006]. In another instance, the threat actors registered a phishing domain [T1556.001] that varied by one character from the target organization’s true domain, and targeted the organization’s Chief Financial Officer (CFO) [TA1656].
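A mail-gateway or log-review check for the one-character lookalike domain described above can be sketched as follows. This is an added example, not code from the FBI advisory; the protected domain `examplehealth.org`, the sender addresses and the function names are constructed for illustration.

```python
"""Flag sender domains that sit one character away from a protected domain."""

def one_edit_apart(a: str, b: str) -> bool:
    """True if a != b and one substitution, insertion, deletion or
    adjacent transposition turns a into b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # guarantee len(a) <= len(b)
    i = 0
    while i < len(a) and a[i] == b[i]:   # skip the common prefix
        i += 1
    if len(a) == len(b):
        if a[i + 1:] == b[i + 1:]:       # single substitution at i
            return True
        return (i + 1 < len(a) and a[i] == b[i + 1] and a[i + 1] == b[i]
                and a[i + 2:] == b[i + 2:])   # swapped neighbours
    return a[i:] == b[i + 1:]            # one extra character in b

def classify(sender: str, protected: str) -> str:
    """Return 'legitimate', 'lookalike' or 'other' for a sender address."""
    domain = sender.rsplit("@", 1)[-1].strip().rstrip(".").lower()
    # Compare only as many trailing labels as the protected domain has, so
    # subdomains of the real domain pass and subdomains of a lookalike do not.
    n = protected.count(".") + 1
    candidate = ".".join(domain.split(".")[-n:])
    if candidate == protected:
        return "legitimate"
    return "lookalike" if one_edit_apart(candidate, protected) else "other"

def scan(senders, protected):
    """Return the senders whose domain is a one-character lookalike."""
    return [s for s in senders if classify(s, protected) == "lookalike"]

# Constructed sample input: envelope senders seen at the mail gateway.
PROTECTED = "examplehealth.org"
SENDERS = [
    "cfo@examplehealth.org",            # real domain
    "hr@mail.examplehealth.org",        # real subdomain
    "ap@examp1ehealth.org",             # substitution: l -> 1
    "helpdesk@exampleheath.org",        # deletion: missing l
    "billing@pay.exmaplehealth.org",    # transposition under a subdomain
    "news@unrelated-vendor.example",    # unrelated sender
]

if __name__ == "__main__":
    for hit in scan(SENDERS, PROTECTED):
        print("review before delivery:", hit)
```

The comparison is on ASCII strings only, so internationalized (punycode) homoglyph domains need a separate normalization step before this check.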

Source: U.S. Federal Bureau of Investigation Cyber Division

