H-ISAC TLP White Threat: Social Engineering Tactics Targeting Healthcare & Public Health Entities and Providers

On June 24, 2024, the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) released a joint Cyber Security Advisory (CSA). The alert includes known indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) leveraged in a social engineering campaign targeting healthcare, public health entities, and providers.

Threat actors are using phishing schemes to steal login credentials for initial access and to divert automated clearinghouse (ACH) payments to fraudulent bank accounts. Healthcare organizations are attractive targets for threat actors due to their size, technological dependence, access to personal health information, and unique impacts from patient care disruptions.

Health-ISAC is sharing this alert to help raise awareness of campaigns that use social engineering techniques against help desks to compromise networks. Attacks targeting help desks, most notably identified in a Cybersecurity and Infrastructure Security Agency (CISA) advisory, have been an ongoing challenge within the threat landscape.

All members are encouraged to review the attached joint Cyber Security Advisory for additional information, including indicators of compromise, observed tactics and techniques, and associated mitigations.

View the detailed report and the Cybersecurity Advisory below. 

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272