The Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) have released a joint Cybersecurity Advisory (CSA) to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used in a social engineering campaign targeting health care, public health entities and providers.
Threat actors are using phishing schemes to steal login credentials for initial access and the diversion of automated clearinghouse (ACH) payments to US controlled bank accounts. Health care organizations are attractive targets for threat actors due to their size, technological dependence, access to personal health information, and unique impacts from patient care disruptions. The FBI and HHS encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of social engineering incidents.
Click here to see the complete CSA.
