Skip to content
Risk Fraud & Compliance

Ahead of the holiday season, healthcare cyberattacks create risk for government-funded programs

Melissa D. Berry  Lead Compliance Attorney Editor / Regulatory Intelligence / Thomson Reuters

· 5 minute read

Melissa D. Berry  Lead Compliance Attorney Editor / Regulatory Intelligence / Thomson Reuters

· 5 minute read

Cyberthreats against healthcare providers and insurers continues to increase and can become especially troublesome during the holiday season

Although ransomware attacks on health systems has dominated the news in recent years, recent enforcement actions shows how health insurers, including the federal government, can fall victim to schemes that compromise business emails and divert money from intended recipients.

The US Department of Justice (DOJ) announced charges in November against multiple defendants in connection with fraudulent email schemes that targeted Medicare and Medicaid programs, private health insurers, and other victims. The defendants were charged in connection with multiple business email compromise schemes that involved money laundering and wire fraud and resulted in losses of more than $11 million.

Business mail compromise schemes are a type of phishing attack that attempts to deceive an entity into transferring funds or disclosing sensitive information.

In these cases, fraudulent emails were sent to public and private health insurance programs that requested future payment be sent to “new bank accounts that did not belong to the hospitals” and instead were sent from “accounts resembling those associated with actual hospitals.” Based on these deceptive emails, five state Medicaid programs, two Medicare administrative contractors, and two private health insurers made payments to the defendants and their co-conspirators instead of the hospitals.

“These defendants defrauded numerous individuals, companies, and federal programs, resulting in millions of dollars in financial losses to vital federal programs meant to provide assistance to those in need,” said US Attorney Ryan K. Buchanan for the Northern District of Georgia in a DOJ statement.

The DOJ detailed some of the charges and allegations against the defendants, as follows:

      • A Columbia, SC man was charged with three counts of money laundering and one count of unlawful procurement of naturalization. He alleged used a stolen identity to open bank accounts in the name of a shell company in order to receive more than $1.4 million fraudulently diverted from a Medicaid program, a hospital, and others. He also allegedly laundered $583,000 of the proceeds.
      • An Atlanta man was indicted on four charges of money laundering after he allegedly used false identities to open bank accounts in the names of the false identities and shell companies. He received approximately $2.4 million from Medicare and several private companies. He laundered approximately $679,000 of those proceeds.
      • Another individual from Atlanta was charged with three counts of wire fraud, two counts of aggravated identity theft, and six counts of money laundering for using stolen and false identities to open accounts in the names of shell companies. She received nearly $830,000 in proceeds and laundered approximately $535,000 through large cash withdraws.

Holidays increase risks

Last year, there was a “30% increase in the average number of attempted ransomware attacks globally over the holiday season” from 2018 to 2020, compared to monthly averages, according to research from cybersecurity firm Darktrace. Researchers for the firm “also observed a 70% average increase in attempted ransomware attacks in November and December, compared to January and February.”

This increased holiday risk is also true in the healthcare sector. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert for Labor Day 2021 because they had “observed an increase in highly impactful ransomware attacks occurring on holidays and weekends — when office are normally closed — in the United States.” Attacking on or around holiday weekends “provides a head start for malicious actors conducting network exploitation and follow-on propagation of ransomware” because IT departments are at limited capacity for extended times.

Because staffing in all departments is often reduced during the holidays, it is important for all employees to be alert for suspicious emails that might include links that would expose the provider or insurer to malware or that might be an attempt to fraudulent divert payments from the intended recipient.

In fact, the average weekly attacks in the healthcare industry increased 69% in the first half of 2022 compared to 2021, according to a recent report from research firm Check Point, with healthcare providers being among the victims of some of the more serious cyberattacks. In the third quarter, healthcare was the most targeted industry for ransomware attacks with 1-in-42 entities impacted by ransomware, according to Check Point.

For example, a January attack on Broward Health in Florida exposed the medical information of more than 1.3 million individuals to cyber criminals, according to Check Point. In October, a ransomware attack hit CommonSpirit health system, which operates 142 hospitals across 21 US states. The attack blocked access to the system’s electronic health records and disrupted patient care.

Whether it is a business email compromise scheme to divert payments from Medicare and Medicaid or another phishing email that exposes a provider or insurer to a costly malware attack, it is imperative that everyone be alert to cyberthreats, especially as we head into the holiday season.