Healthcare
,
Incident & Breach Response
,
Industry Specific
Attackers Attempted to Reroute Hospital Medicaid Reimbursements
A hack of a Connecticut Medicaid web portal used by healthcare providers affected thousands of patients. The attack was part of a thwarted scheme by cybercriminals to divert Medicaid payments.
See Also: Reduce Cloud Risk in Healthcare with Security by Default
Hartford HealthCare on Thursday told ISMG that it identified unusual activity on March 25 involving accounts associated with a web portal that the Connecticut’s department of social services requires Medicaid providers to use for the submission and payment of claims.
The portal is hosted and maintained by Gainwell Technologies, which provides administrative services supporting the state of Connecticut’s Medicaid program – Husky.
The state government said an investigation found the hack affected 22,500 individuals. Hackers used compromised credentials of Hartford HealthCare employees to access Hartford HealthCare user accounts on the Husky provider portal on March 4.
“The root cause of the issue is due to the bad actor’s ability to compromise the credentials Hartford HealthCare employees used to log in to multiple payer portals. We cannot comment on how this was accomplished,” Gainwell said in a statement to ISMG.
Hartford HealthCare told ISMG that no patient information hosted by Hartford HealthCare’s own systems were involved in the incident.
Hackers downloaded files containing patient information, including names, identification numbers associated with Hartford HealthCare account or Medicaid claim, services received and how they were billed, payment information, including amounts paid, and information about applicable non-Medicaid health insurance.
Social Security numbers and financial account information were not affected, since that data is not available in the system accessed by the hackers.
Attackers did not demand a ransom in the incident, a Gainwell spokeswoman told ISMG. “Gainwell’s security controls prevented any Medicaid funds from being transferred improperly,” she said.
Web portals are among some of the easiest potential targets for cybercriminals. They offer a large attack surface, said Dave Bailey, vice president of consulting and strategy at consultancy Clearwater.
“They sit at the intersection of convenience, identity and sensitive data. If a criminal can compromise one valid account, they may be able to move quickly from ‘logging in’ to viewing or downloading valuable data,” he said.
Often these portals also lack strong security controls. “Many portals – especially patient portals – are not enforcing the use of multifactor authentication, for user convenience,” said Keith Fricke, co-managing partner of consulting firm tw-Security.
Artificial intelligence tools offer a chance for organizations to strengthen their web portal security – but at the same time, provide added risks in the hands of bad actors, Bailey said.
“AI can help defenders spot abnormal login behavior, identify suspicious data access patterns, prioritize vulnerabilities, analyze logs faster and detect signs of account takeover that traditional rules might miss,” he said.
But AI also lowers the cost of targeting portals at scale, he added. Attackers use AI to craft more convincing phishing messages, scan for vulnerabilities and generate exploit code. “AI does not change the fundamentals of security, but it increases attacker speed, volume and personalization.”
Click Here For The Original Source.
