Hackers steal $7.5 million in funds from US Health Department via email spoofing cyber attack


In a recent cybersecurity incident, hackers managed to pilfer millions of dollars from the US Department of Health and Human Services through a sophisticated spoofing attack. The cyber-criminals assumed the identities of legitimate fund recipients, skillfully engaging with health department staff via email to fraudulently obtain funds.

This well-executed cyber-attack resulted in the unauthorized withdrawal of approximately $7.5 million from the agency’s funds, presenting a significant challenge for security experts attempting to recover the stolen assets.

The Inspector General’s office has taken up the investigation following a formal request from the Health and Human Services department. The focal point of the breach was the ‘Payment Management System,’ a platform that federal agencies also use for fund transfers involving entities such as the Pentagon, Treasury Department, White House Administration, NASA, and Small Business Administration.

Given the interconnected nature of the breached platform, there is a considerable risk that hackers could employ similar email spoofing tactics to target other organizations within the network, seeking illicit financial gains. In response, the health department has enlisted the expertise of forensic professionals to mitigate potential risks and is collaborating with law enforcement agencies in an effort to recover the embezzled funds.

To enhance cybersecurity measures, fostering a culture of awareness among employees and online users is crucial. Vigilance against potential threats, the implementation of encryption protocols, and thorough verification of recipient identities can contribute significantly to preventing such attacks. Additional safeguards include the adoption of two-factor authentication (2FA) for heightened account security, utilizing antivirus and firewall protection, maintaining robust passwords, and ensuring that software is regularly updated with the latest security patches. These proactive measures collectively serve as a defense against future cyber threats.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security.
