top of page

Social Engineering Attacks Targeting IT Help Desks in the Health Sector


The Health Sector Cybersecurity Coordination Center (HC3) within the Department of Health and Human Services (HHS) is at the forefront of healthcare cybersecurity. In April 2024 HC3 put out an urgent alert titled “Social Engineering Attacks Targeting IT Help Desks in the Health Sector”. The full document can be found here: Help Desk Social Engineering Sector Alert.


The alert outlines examples of some recent, high-profile attacks targeting healthcare IT help desks. Threat actors are employing sophisticated tactics to manipulate help desk agents into providing unauthorized access to corporate resources, posing significant risks to data integrity and organizational security.


Amidst these threats, Caller Verify has emerged to bolster security measures. Caller Verify extends Okta Multi-Factor Authentication (MFA) to contact centers and IT help desks for hospitals, providing a robust defense against social engineering attacks. Let's explore how Caller Verify can effectively combat these threats:


Out-of-band Authentication

NIST (the National Institute of Standards and Technology) recommends using out-of-band authentication channels to enhance security during the authentication process. Out-of-band authentication involves verifying a user's identity using a separate communication channel or device from the one being used for the primary transaction or interaction. This approach helps mitigate the risk of attacks, such as man-in-the-middle attacks, by separating authentication data from the main communication channel. These may include methods such as:

  • sending authentication codes via SMS or email

  • sending push notifications to a user's mobile device

  • time-based one-time passcodes (TOTP codes) on a mobile device

  • dedicated hardware tokens

By leveraging out-of-band authentication for caller verification, organizations can enhance the security of their authentication processes and reduce the risk of unauthorized access and fraud.

  

Modern Identity Verification

Caller Verify modernizes help desk methods for caller authentication. Instead of relying solely on easily compromised security questions or personal information, Caller Verify can utilize more trustworthy out-of-band authentication factors such as TOTP codes and push notifications. Requiring callers to authenticate themselves via phishing resistant verification factors significantly reduces the likelihood of unauthorized access by malicious actors.


Real-Time Caller Authentication

With Caller Verify, organizations can authenticate callers in real-time, ensuring that only authorized individuals gain access to sensitive systems and data. By verifying the authenticity of callers before granting access, organizations can thwart social engineering attempts, even when threat actors possess partial employee information obtained through public sources or previous data breaches.


Unified Verification Experience

Caller Verify offers a unified verification experience across all communication channels, streamlining the authentication process for both callers and help desk staff. Whether callers reach out via phone, email, or chat, Caller Verify ensures consistent and robust identity verification measures are in place, regardless of the communication medium used.


Mitigation of Social Engineering Tactics

The sophisticated social engineering tactics used in recent breaches are blocked in organizations protected by Caller Verify. By requiring out-of-band authentication, Caller Verify adds layers of security that make it significantly harder for threat actors to succeed in their malicious activities.


Proactive Security Measures

Caller Verify empowers organizations to take proactive security measures against evolving social engineering threats. By providing user awareness training and implementing policies and procedures for enhanced security, organizations can stay ahead of emerging threats and ensure their help desk staff are equipped to identify and thwart social engineering attempts.


In conclusion, Caller Verify emerges as a powerful ally in the fight against social engineering attacks targeting healthcare IT help desks. By fortifying identity verification processes, providing real-time authentication, and offering a unified verification experience, Caller Verify helps organizations mitigate risks and safeguard sensitive data from malicious actors. As organizations continue to prioritize cybersecurity, solutions like Caller Verify play a vital role in enhancing resilience and protecting against evolving threats.


To learn more, Book a demo with us today.



Comments


Commenting has been turned off.
bottom of page