Health Law Highlights

HHS Warns Health Care Sector of AI-Driven Phishing, Social Engineering Attacks on IT Help Desks

Summary of an article from Carlton Fields, by Michael Bailey and John Clabby:

The Health Sector Cybersecurity Coordination Center (HC3) has issued an alert about advanced cybersecurity threats targeting the healthcare sector, particularly IT help desks. In these attacks, threat actors use publicly available information and AI to impersonate healthcare employees, gain access to email accounts, and divert payments to accounts they control. The alert also highlights the rise of “spearphishing voice” or “vishing” attacks that use AI to mimic employee voices. In response, the Department of Health and Human Services (HHS) is planning to expand its cybersecurity regulations and enforcement, including potential increases in penalties for HIPAA violations. To mitigate these threats, organizations are advised to enhance training, review cybersecurity policies, limit social media exposure, improve help desk verification procedures, and reassess multi-factor authentication methods.