In 2023, a series of cyber-attacks targeting multiple hospitals’ networks was detected and thwarted by ECHO’s security protections. Attackers targeted billing and revenue staff with phishing emails, leading to multiple large-scale Business Email Compromise (BEC) events. ECHO’s real-time security controls prevented a PHI data breach and potential financial disaster, ensuring the continued safety of five hospitals that ECHO pays via ACH payments. At the time of this summary, the perpetrators have not been identified.
In July and August of 2023, a series of coordinated cyber-attacks targeted numerous hospital networks along the East Coast and in the Midwest of the United States. ECHO holds payment accounts with five of the affected hospitals. These five locations collectively receive over $2.5 billion in annual payments from various payers through ECHO.
The attackers used phishing emails targeting billing and revenue staff of the hospitals to compromise their email accounts, leading to multiple large-scale Business Email Compromise (BEC) events. Once inside the email systems of targeted employees, the attackers used the compromised email accounts to bypass Multi-Factor Authentication (MFA) and gain access to the hospitals’ payment portals. With this unauthorized access, the attackers attempted to request bank updates, file new enrollments, and initiate payment requests to each hospital’s payer networks.
ECHO’s fraud prevention systems immediately detected anomalies in the user access logs and ACH enrollment processes. Alerts were triggered for suspicious IP addresses, browser activity, and other proprietary data points. These triggers led to an immediate investigation, which identified the unauthorized access to payment portals; that access was blocked before any payment requests were executed.