Healthcare organizations are currently facing sophisticated social engineering attacks that involve threat actors impersonating employees to gain access to sensitive information and redirect funds to attacker-controlled bank accounts.


In these attacks, threat actors obtain personal details from public sources and convince IT helpdesk operators to enroll new devices in multi-factor authentication (MFA) systems [1]. To counter this, healthcare organizations are advised to enforce Microsoft Authenticator with number matching for user authentication [1], remove SMS as an MFA option [1], ensure secure MFA and self-service password reset (SSPR) registration [1], and block external access to Microsoft Azure and Microsoft 365 administration features [1].

Hackers may also use AI voice impersonation techniques, which make remote identity verification challenging [4]. Recommended mitigations are implementing callback procedures [4], requiring in-person verification for certain requests [4], and training employees to identify social engineering techniques.

The Health Sector Cybersecurity Coordination Center (HC3) warns hospitals to be vigilant [3], as hackers are targeting login information for payer websites to steal money and divert payments to attacker-controlled bank accounts [3]. HC3 advises IT helpdesks to require callbacks for MFA enrollment and password resets [3], monitor ACH changes for suspicious activity [3], and train employees to identify social engineering techniques [3] [4].

The US Department of Health and Human Services (HHS) has also warned of social engineering attacks targeting the healthcare and public health (HPH) sector [2], in which threat actors use local area codes to disguise themselves and pose as financial department employees to trick victims into providing ID verification details [2]. Some threat actors use AI voice-cloning tools to enhance the effectiveness of their attacks [2].
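The advice to monitor ACH changes can be tied to the helpdesk step described above. The following is an added example, not taken from any of the cited advisories: it flags an ACH change that follows a helpdesk MFA enrollment or password reset performed without a callback. The event schema, field names, sample events and the 72-hour window are all assumptions.

```python
from datetime import datetime, timedelta

# Event types and field names are assumptions for this example, not a product schema.
HELPDESK_ACTIONS = {"mfa_device_enrolled", "password_reset"}
WINDOW = timedelta(hours=72)  # assumed review window; tune to local policy

# Constructed sample events (not real log data).
EVENTS = [
    {"ts": "2024-04-02T09:14:00", "user": "a.rivera", "type": "mfa_device_enrolled",
     "via": "helpdesk", "callback_verified": False},
    {"ts": "2024-04-02T10:02:00", "user": "a.rivera", "type": "ach_details_changed"},
    {"ts": "2024-04-03T08:30:00", "user": "b.chen", "type": "password_reset",
     "via": "helpdesk", "callback_verified": True},
    {"ts": "2024-04-03T11:45:00", "user": "b.chen", "type": "ach_details_changed"},
    {"ts": "2024-04-04T13:00:00", "user": "c.okafor", "type": "ach_details_changed"},
    {"ts": "2024-04-01T16:20:00", "user": "d.lee", "type": "mfa_device_enrolled",
     "via": "helpdesk", "callback_verified": False},
    {"ts": "2024-04-11T09:00:00", "user": "d.lee", "type": "ach_details_changed"},
]


def flag_ach_changes(events, window=WINDOW):
    """Return (user, ach_ts, triggers) for each ACH change that follows an
    unverified helpdesk MFA enrollment or password reset within `window`."""
    unverified = {}  # user -> [(time, event type)] of helpdesk actions lacking a callback
    alerts = []
    # ISO 8601 timestamps in one format sort chronologically as strings.
    for e in sorted(events, key=lambda ev: ev["ts"]):
        t = datetime.fromisoformat(e["ts"])
        if (e["type"] in HELPDESK_ACTIONS and e.get("via") == "helpdesk"
                and not e.get("callback_verified")):
            unverified.setdefault(e["user"], []).append((t, e["type"]))
        elif e["type"] == "ach_details_changed":
            triggers = sorted({kind for t0, kind in unverified.get(e["user"], [])
                               if t - t0 <= window})
            if triggers:
                alerts.append((e["user"], e["ts"], triggers))
    return alerts


if __name__ == "__main__":
    for user, ts, triggers in flag_ach_changes(EVENTS):
        print(f"REVIEW {user}: ACH change at {ts} after unverified {', '.join(triggers)}")
```

Only the first constructed account is flagged: the others had a verified callback, no preceding helpdesk action, or an ACH change outside the window.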


These social engineering attacks pose significant risks to healthcare organizations, but implementing the recommended security measures and training employees to identify threats can help mitigate them. It is crucial for healthcare organizations to remain vigilant and proactive in protecting sensitive information and funds from malicious actors.