Social Engineering Tactics Targeting Healthcare & Public Health Entities and Providers

HHS and the Federal Bureau of Investigation (FBI) have issued a joint Cybersecurity Advisory warning about a social engineering campaign targeting healthcare and public health entities. Threat actors use phishing to steal login credentials, particularly for systems that handle financial transactions such as automated clearing house (ACH) payments. Healthcare organizations are vulnerable because of their reliance on technology and their access to sensitive data; when these are compromised, patient care is disrupted. The advisory recommends implementing specific mitigations to counter these tactics.

The threat actors' tactics include impersonating employees to manipulate information technology (IT) help desks into performing password resets, and bypassing multifactor authentication. They also create phishing domains resembling legitimate ones to target high-ranking officials like chief financial officers (CFOs), using personally identifiable information for identity confirmation. Once inside victim networks, they use “living off the land” techniques to modify forms and divert ACH payments to United States bank accounts under their control, followed by transfers to overseas accounts. Their attempts to upload malware to victim systems have been unsuccessful in observed instances.

For more information, please visit Social Engineering Tactics Targeting HPH.