Hackers Impersonating Revenue Cycle Employees According to Recent AHA Warning
25 Jan, 2024 F.J. Thomas
Sarasota, FL (WorkersCompensation.com) – Last month, the Justice Department announced that they had essentially “hacked the hackers” in an extensive undercover investigation of the Blackcat ransomware group, also known as ALPHV or Noberus. Blackcat is a notorious cyber-crime organization that has attacked over 1,000 entities in the U.S., including government and healthcare facilities.
Healthcare has seen a steady increase in the number of cyber-attacks over the last couple of years. Typically, hackers have accessed organizations by either tapping into their servers or phishing via email. However, according to a recent warning from the American Hospital Association, hackers have changed their tactics once again.
According to the announcement, hackers are targeting revenue cycle employees and other employees who have access to critical financial information, such as bank accounts. The hackers are compromising the employee’s emails and then contacting the employee’s IT department to request password resets and multi-factor authentication enrollment for a new device, such as a cell phone.
After initiating a password reset and multi-factor authentication, the hackers then have full access to the employee’s emails and all applications, including those applications associated with banking. According to the announcement, hackers have used this method to contact payment processors, and then divert payments owed to other bank accounts that the hackers have set up. Investigators believe that the funds are eventually transferred to offshore accounts.
John Riggi, AHA’s national advisor for cybersecurity and risk, believes that consistent application of even simple security protocols can help organizations combat this scheme. “The risk posed by this innovative and sophisticated scheme can be mitigated by ensuring strict IT help desk security protocols, which at a minimum require a call back to the number on record for the employee requesting password resets and enrollment of new device. Organizations may also want to contact the supervisor on record of the employee making such a request,” Riggi advises.
Additionally, Riggi recommends that organizations contact the FBI at https://www.ic3.gov/ to file a report. Riggi states that the FBI has been able to recover diverted payments if reports are made within 72 hours of the incident.
Riggi also stated that as a result of becoming a victim of this particular scheme, one large organization is now requiring employees to request password resets and multi-factor authentication enrollment for new devices in person at their IT department. While this method certainly lessens the chance of this type of hack occurring, it’s not always feasible for larger organizations with multiple locations, or remote workers that may work clear across the county. With many healthcare organizations merging, and growing more siloed as a result, verifying the authenticity of help desk and other types of requests can be a challenge.
About The Author
F.J. Thomas
F.J. Thomas has worked in healthcare business for more than fifteen years in Tennessee. Her experience as a contract appeals analyst has given her an intimate grasp of the inner workings of both the provider and insurance world. Knowing first hand that the industry is constantly changing, she strives to find resources and information you can use.