All industries are susceptible to cyber attacks, but there has been an increase in those specifically aimed at healthcare processors. In fact, the FBI issued a Private Industry Notification on September 14, 2022 warning those in the industry about an escalation of attacks along with recommendations on what can be done to avoid falling for one.

Hackers are using personally identifiable, and publicly available, employee information to impersonate care providers and infiltrate healthcare portals, payment information, and websites.

For example, in February of 2022, a hospital’s direct deposit information was accessed – and changed – to direct $3.1 million in payments into a different bank account. In April 2022, a hacker posed as an employee of a healthcare company and diverted payments totaling $840k from one of their payment processing vendors into a different account.

Cybercriminals are known to be both conniving and patient when executing schemes, using phishing schemes, social engineering, email updates, password resets and other methods to gain access to accounts. Hackers have been known to pose as members as well, preying on the desire of employees to help with payment problems.

Be on the lookout for…

  • Emails to finance departments
  • Attempts to obtain access to internal files and payment portals
  • Frequent rule changes or requests to change email exchange server configurations
  • Multiple, frequent requests for employees to change passwords and multifactor authentication phone numbers, particularly at the same time
  • Reports from employees saying they are locked out of accounts due to failed password recovery attempts

Protect yourself by…

  • Sending mock phishing emails to test employees and identifying those most likely to fall for them so you can provide additional training
  • Enabling and/or updating anti-virus and anti-malware software
  • Creating and/or updating an incident response plan
  • Establishing protocols for employees to report privacy and security anomalies
  • Requiring strong passwords (or ideally passphrases) and multi-factor authentication to log into all accounts
  • Training employees to be cautious about sharing sensitive data on the phone or through online communications
  • Regularly assessing your network security
  • Creating a policy that requires any changes to bank deposits, invoices and contact information be verified internally and with third-party vendors
  • Conducting external vendor risk assessments
  • Not allowing credentials and multifactor authentication changes to occur simultaneously

Take immediate action if you notice evidence that your systems or network has been compromised. Once a hacker gains access to your system, they can wreak havoc quickly. Contact your IT vendor and cybersecurity insurance company immediately to get input on how to respond to minimize damage.

About the Author:


Matthew Dubnansky TMDG Healthcare Assurance and Risk ConsultingMatthew B. Dubnansky, CPA, CGMA | Partner
Matt leads our national healthcare assurance and risk consulting practice. He is a forward thinking leader who works with plan sponsors across North America to better manage and oversee their plan benefit administration. He is also a published author and speaks on various topics at industry leading conferences. Matt provides clarity to simplify an otherwise complex healthcare system, focus to concentrate resources on what matters most, and actionable insights to optimize health plan administration.