Sophisticated one-time hacking scam costs target $289K; useful lessons for health industry

The details of a recent hacking scam, while not in the healthcare industry, may contain useful pointers for healthcare nonetheless. A San Diego area attorney clicked a link in a legitimate-looking email which released a virus into his computer which recorded his keystrokes. As the hackers could now follow the attorney’s activities from moment to moment, they waited until he attempted to access his firm’s bank account online. The hackers then initiated a telephone call to him, purporting to be from the bank. The ersatz bank employee noted that the bank saw he was attempting to access his account and having trouble logging in. As this was, of course, the case, thanks to the hackers’ behind-the-scenes work in his computer, the attorney saw no reason to doubt the caller, and followed the caller’s instructions to “fix the problem.” When the smoke cleared, $289,000 had been wired out of his firm’s bank account. While the bank is refusing to cover the loss, observers note that the level of sophistication of such multi-part scams is making it increasingly difficult for targets to identify what is happening in time to avert harm .

See ABA Journal (American Bar Association) article at “Lawyer who clicked on attachment loses $289K in hacker scam”

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *