In a striking Sector Alert this April, the U.S. Department of Health warned health providers against threat actors using sophisticated, coordinated social engineering attacks on hospital IT helpdesks. After successfully taking down Change Healthcare, MGM, Clorox, and countless others, hacker groups like Scattered Spider have further refined their techniques. IT and security teams at healthcare organizations need to be aware of the threats and take proactive measures to protect their organizations.
Why would an attacker bother trying to phish your users' credentials to carry out ATO [account takeover], when it may just be easier to call your helpdesk, pretend to be a user and get the credentials reset? – Akif Khan, VP Analyst at Gartner
The HC3 offers several security recommendations in their Sector Alert, Social Engineering Attacks Targeting IT Help Desks in the Health Sector. But to properly implement this guidance, organizations first need to understand the nature of the threat.
Writing on Forbes, Nametag CEO Aaron Painter breaks down the Sector Alert and offers specific recommendations on how IT and security teams at healthcare organizations can guard against this pernicious threat.
Read Aaron Painter on Forbes: Combating Threat Actors In The U.S. Healthcare Sector
