US Health Departmen...
Clear all

US Health Department warns IT help desks of social engineering

1 Posts
1 Users
0 Reactions
Brandon Lee
Posts: 554
Member Admin
Topic starter

Anyone working in the healthcare sector, specifically helpdesk?


  • The U.S. Department of Health and Human Services (HHS) warns of hackers targeting IT help desks in the Healthcare and Public Health (HPH) sector using social engineering tactics.
  • Attackers gain access by enrolling their own multi-factor authentication (MFA) devices after impersonating financial department employees.
  • They manipulate IT helpdesks into enrolling new devices under their control, leading to access to corporate resources and facilitating business email compromise attacks.
  • The attackers exploit vulnerabilities in the payer websites, diverting payments to their controlled bank accounts, which are later transferred overseas.
  • The tactics resemble those of the Scattered Spider threat group, known for their ransomware attacks on high-profile organizations.
  • The FBI and CISA previously issued advisories on Scattered Spider's tactics.
  • While health sector incidents have similarities, they have yet to be directly attributed to a specific threat group.


  • Hackers are targeting IT help desks in the healthcare sector using social engineering.
  • They gain access through MFA enrollment after impersonating financial department employees.
  • Vulnerabilities in payer websites are exploited for diverting payments to attacker-controlled accounts.
  • Similarities exist between these attacks and those of the Scattered Spider threat group.
  • FBI and CISA have previously issued advisories regarding Scattered Spider's tactics.
  • Organizations are advised to implement callback verification, monitor for suspicious ACH changes, and train help desk staff to identify social engineering techniques.

Posted : 06/04/2024 7:20 pm