Vol. 68, Issue 28
View more issues of The Valued Voice
Sign Up for WHA's Newsletter
Click here to view past issues
IN THIS ISSUE
- WHA CEO Borgerding Joins Wisconsin Health News Panel to Discuss the Fall Elections’ Potential Impact on Health Care
- WHA’s Eighth Annual Post-Acute Care Seminar Agenda Announced
- Worker’s Compensation Rates Fall for Ninth Consecutive Year
- CMS Introduces 2025 Outpatient Rule with COPs for OB Care
- WHA Welcomes New Member Relations Manager, Olivia Buell
- WHA Seeks Community Benefit Stories for 2024 Report - Due Aug. 30
- M3 Insurance Continues to Keep WHA Members Up To Date on Cybersecurity
- Apply Today for the 2024 Global Vision Community Partnership Award - $2,500 Unrestricted Grant Opportunity
EDUCATION EVENTS
Apr. 9, 2025
2025 Advocacy DayApr. 22, 2025
Nursing ServicesMay. 14, 2025
2025 WHA Workforce ForumClick here to view quality event calendar
View more issues of The Valued Voice
Sign Up for WHA's Newsletter
Saturday, July 13, 2024

The FBI and HHS released a joint Cyber Security Advisory notice notifying providers of a new social engineering campaign targeting health care providers.
According to the notice issued by the FBI and HHS, "threat actors are using phishing schemes to steal login credentials for initial access and the diversion of automated clearinghouse (ACH) payments to US controlled bank accounts. Healthcare organizations are attractive targets for threat actors due to their size, technological dependence, access to personal health information, and unique impacts from patient care disruptions. The FBI and HHS encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of social engineering incidents."
The notice also outlines that the threat actors are gaining access through social engineering or phishing methods by calling the IT Help Desk in an attempt to reset passwords, bypassing MFA, etc. They are using voice over Internet protocol (VoIP) numbers to conduct these campaigns as well. The list of phone numbers used by threat actors is also provided in this advisory.
Risk Management Recommendations
M3 Insurance Continues to Keep WHA Members Up To Date on Cybersecurity


According to the notice issued by the FBI and HHS, "threat actors are using phishing schemes to steal login credentials for initial access and the diversion of automated clearinghouse (ACH) payments to US controlled bank accounts. Healthcare organizations are attractive targets for threat actors due to their size, technological dependence, access to personal health information, and unique impacts from patient care disruptions. The FBI and HHS encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of social engineering incidents."
The notice also outlines that the threat actors are gaining access through social engineering or phishing methods by calling the IT Help Desk in an attempt to reset passwords, bypassing MFA, etc. They are using voice over Internet protocol (VoIP) numbers to conduct these campaigns as well. The list of phone numbers used by threat actors is also provided in this advisory.
Risk Management Recommendations
- Implement multi-factor authentication (MFA) for every account.
- Train IT Help Desk employees on this vulnerability. MFA bypasses should not be allowed for any individual calling into the Help Desk.
- Reduce threat of malicious actors using remote access tools by:
- Auditing remote access tools on your network to identify currently used and/or authorized software.
- Reviewing logs for execution of remote access software to detect abnormal use of programs running as a portable executable
- Using security software to detect instances of remote access software being loaded only in memory.
- Requiring authorized remote access solutions to be used only from within your network over approved remote access solutions, such as virtual private networks (VPNs) or virtual desktop interfaces (VDIs).
- Blocking both inbound and outbound connections on common remote access software ports and protocols at the network perimeter.
- Applying recommendations in the Guide to Securing Remote Access Software.
- Organizations are urged to check phone call logs to identify if their organization has been in contact with any of the phone numbers listed in the Advisory Notice. If contact was made, the organization should assess what access the UA was given and if the UA was successful in accessing sensitive information.