Bhuyan: Cybercriminals Step Up Attacks on Health Care Payment Processors

The Federal Bureau of Investigation in September warned that it has received multiple reports of cybercriminals increasingly targeting health care payment processors to redirect payments to themselves. Typically, this involves a cybercriminal obtaining employees’ publicly-available personal identifiable information and other data to impersonate victims and gain access to files, health care portals, payment information, and websites to then redirect payments to the cybercriminal’s bank account.


Another approach would be to use hard tokens that permit access to software and verify identity with a physical device instead of authentication codes.

“This kind of token allows software access through verification of a physical device rather than codes or passwords. Although cost can be a concern for using hard tokens compared with other authentication types, such as SMS authentications, hard tokens have an advantage in protecting confidential data,” said cybersecurity specialist Soumitra Bhuyan, PhD, an associate professor at Rutgers University in New Brunswick, New Jersey.

The individual with the hard token needs to be present to access data. Consequently, systems based on hard tokens are difficult to breach remotely. However, hard tokens come with some limitations. They are costly for a large organization to implement and, with any physical devices, they can be lost, Dr Bhuyan said.

Pulmonology Advisory, January 6, 2023