Taking advantage of the ridiculously complex US healthcare billing system
Criminals masquerading as insurers are tricking patients and healthcare providers into handing over medical records and bank account information via emails and text messages, according to the FBI.
Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center (Health-ISAC), said his nonprofit’s members have also reported an increase in phishing and social-engineering scams targeting healthcare organizations, similar to those detailed in the FBI’s alert.
“These incidents often involve adversaries impersonating trusted entities, such as government organizations or established global brand names, to deceive people into divulging sensitive information,” Weiss told The Register. “The healthcare sector, with its complex billing and procurement processes, unfortunately presents a rich target for this kind of financial fraud.”
Criminals frequently use previously leaked data to make their social-engineering attacks more believable, he added.
“They use stolen information — anything from a partial SSN to the details of a recent vendor transaction — to build a false sense of trust with their target,” Weiss said. “It’s a classic confidence trick, where a few ‘secret’ details are used to convince an employee that the entire request is legitimate.”