FBI Warns Healthcare Organizations to Stay Alert
On September 12, the FBI released an alert warning of malicious cyber activity from criminal groups UNC6040 and UNC6395, which are responsible for a growing number of data theft and extortion intrusions. The American Hospital Association (AHA) has urged hospitals and healthcare providers to take this threat seriously.
How the Attacks Work
UNC6040 has gained access to Salesforce accounts through voice phishing attacks. In these schemes, criminals call victims posing as IT support, tricking employees into sharing login credentials. Once inside, they authorize malicious “connected apps,” enabling them to bypass standard defenses such as password resets and login monitoring.
UNC6395, on the other hand, was found to have exploited compromised access tokens for the Salesforce-integrated Drift AI chatbot. This method allowed attackers to infiltrate accounts and exfiltrate customer data without triggering traditional security alerts.
Some victims have subsequently reported extortion emails, allegedly from the ShinyHunters group, demanding cryptocurrency payments to prevent the release of stolen data.
HIPAA Implications for Healthcare
Under HIPAA, covered entities and business associates are required to protect the confidentiality, integrity, and availability of protected health information (PHI). A breach involving a program or website that you use to manage patient information (e.g. EHR, Digital Imaging) could result in mandatory breach notifications, regulatory investigations, reputational damage, and steep financial penalties.
What You Should Do Now
The FBI and AHA recommend:
- Implement phishing-resistant multi-factor authentication (MFA) for all programs and websites that manage or access patient information.
- Audit and monitor platforms with ePHI to detect and prevent unauthorized access.
- Apply the Principle of Least Privilege by granting users and groups only the access necessary to perform their authorized tasks, and reinforce this with strong authentication, authorization, and accounting (AAA) controls.
- Train staff on social engineering tactics, especially voice phishing.
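The "audit and monitor" recommendation above is the one most organizations find hardest to act on, because the intrusions described earlier (a vished employee approving a malicious connected app, followed by a quiet bulk export) generate ordinary-looking events rather than failed logins. The following is an added example, not code from the FBI, AHA or TLD Systems: a small detection routine that walks a simplified, constructed audit-event stream and flags connected-app authorizations that are not on a pre-approved list, plus large data exports that follow such an authorization. The event field names, user names, app names and IP addresses are all invented for the illustration; the real Salesforce audit-log schema differs and you would map its fields into this shape.

```python
"""Detection sketch for the connected-app abuse pattern described above.

The event schema is a constructed simplification (hypothetical field names),
not the real Salesforce audit-log format.  Python standard library only.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Finding:
    rule: str     # which detection rule fired
    user: str     # account that performed the action
    detail: str   # human-readable context for the analyst


# Constructed sample events: one legitimate EHR connector and one
# suspicious authorization followed by a large export (hypothetical data).
SAMPLE_EVENTS = [
    {"ts": "2025-09-10T09:00:00", "type": "CONNECTED_APP_AUTHORIZED",
     "user": "asmith", "app": "Approved EHR Connector", "scopes": ["api"]},
    {"ts": "2025-09-10T09:30:00", "type": "DATA_EXPORT",
     "user": "asmith", "app": "Approved EHR Connector", "records": 400},
    {"ts": "2025-09-10T13:02:00", "type": "LOGIN",
     "user": "jdoe", "ip": "203.0.113.7"},
    {"ts": "2025-09-10T13:05:00", "type": "CONNECTED_APP_AUTHORIZED",
     "user": "jdoe", "app": "Data Loader Helper",
     "scopes": ["api", "refresh_token"]},
    {"ts": "2025-09-10T13:20:00", "type": "DATA_EXPORT",
     "user": "jdoe", "app": "Data Loader Helper", "records": 120000},
]

# Allowlist of connected apps the organization has reviewed and approved.
APPROVED_APPS = {"Approved EHR Connector"}


def analyze_events(events, approved_apps=APPROVED_APPS,
                   export_threshold=10000, window_hours=24):
    """Return a list of Findings for unapproved app authorizations and for
    bulk exports, escalating an export that uses an app authorized without
    approval within the last `window_hours`."""
    findings = []
    # (user, app) -> time the unapproved authorization happened
    unapproved = {}

    for e in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(e["ts"])

        if e["type"] == "CONNECTED_APP_AUTHORIZED":
            if e["app"] not in approved_apps:
                unapproved[(e["user"], e["app"])] = ts
                findings.append(Finding(
                    "unapproved_connected_app", e["user"],
                    f"{e['app']} scopes={','.join(e['scopes'])}"))

        elif e["type"] == "DATA_EXPORT":
            if e["records"] < export_threshold:
                continue
            auth_ts = unapproved.get((e["user"], e["app"]))
            recent = (auth_ts is not None
                      and ts - auth_ts <= timedelta(hours=window_hours))
            rule = "bulk_export_via_unapproved_app" if recent else "bulk_export"
            findings.append(Finding(
                rule, e["user"], f"{e['records']} records via {e['app']}"))

    return findings


if __name__ == "__main__":
    for f in analyze_events(SAMPLE_EVENTS):
        print(f"[{f.rule}] user={f.user}: {f.detail}")
```

On the constructed sample this yields two findings, both for the hypothetical user "jdoe": the unapproved app authorization and the 120,000-record export that follows it fifteen minutes later. The allowlist is the important design choice: because the attack path relies on a legitimate employee consenting to the app, a rule keyed on "app not previously reviewed" catches it where a rule keyed on failed logins or password resets would not.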
The Takeaway
Cybercriminals are evolving their methods by targeting the platforms healthcare organizations rely on most. For providers, this is a reminder that HIPAA compliance requires more than just documentation; it requires active monitoring, staff education, and robust technical safeguards. By staying proactive, healthcare organizations can reduce their risk exposure and demonstrate due diligence in protecting PHI.
Reach out to TLD Systems to understand what steps you can take to mitigate the risk in your office and educate your staff.
(631) 403 6687
https://www.tldsystems.com