Homeland Security warns healthcare organizations of hackers using 'password spraying' tactic

Hackers are changing tactics to target healthcare organizations using “brute force” and “password spraying” in an effort to compromise user accounts and breach systems, a new report said. 

In an analysis released Oct. 16, the Cybersecurity and Infrastructure Security Agency (CISA) said Iranian cybercrime cells have begun to intensify attacks against healthcare entities, using multifactor authentication scams to breach systems and maintain covert control. Some are even changing cybersecurity settings at medical practices, insurers and health systems to prolong access.

The Iranian groups also are targeting government agencies, social services, energy, engineering and more, CISA said. They may be motivated by financial gain, selling off stolen credentials to other nefarious entities. 

“The actors likely aim to obtain credentials and information describing the victim’s network that can then be sold to enable access to cybercriminals,” CISA added. 

In some of the analyzed cases, the hackers increased privilege restrictions on systems and launched malware to monitor and control activity. CISA said the attackers use remote desktop software to control computers alongside legitimate users, citing one instance where Microsoft Word was used to open PowerShell and install Microsoft’s remote desktop software, activated with the mstsc.exe command.

Technology also is sometimes deployed to “spray” passwords in a common dictionary-style brute force attack to gain access to parts of systems that are protected with logins. 

CISA posted the alert to advise all industries of these tactics so they can improve security strategies. It advises groups to closely monitor for suspicious logins from unknown IP addresses, changes in usernames and passwords, and MFA codes coming from unsolicited sources. These are not only the signs of these types of attacks but also indicate bot activity. The agency said it is seeing an increasing number of bot attacks that attempt to bog down and break systems across various industries. 
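The login monitoring described above, as an added example that is not part of the original article or the CISA advisory: this Python separates a password spray (one source failing against many accounts) from brute force against a single account, and lists accounts that logged in successfully during a spray. The log format, IP addresses, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the advisory): time, source IP, user, result
SAMPLE_LOG = """\
2024-10-16T09:00:01 203.0.113.7 alice FAIL
2024-10-16T09:00:05 203.0.113.7 bob FAIL
2024-10-16T09:00:09 203.0.113.7 carol FAIL
2024-10-16T09:00:14 203.0.113.7 dave FAIL
2024-10-16T09:00:20 203.0.113.7 erin SUCCESS
2024-10-16T09:01:00 198.51.100.4 frank FAIL
2024-10-16T09:01:02 198.51.100.4 frank FAIL
2024-10-16T09:01:04 198.51.100.4 frank FAIL
2024-10-16T09:01:06 198.51.100.4 frank FAIL
2024-10-16T09:05:00 192.0.2.10 alice FAIL
2024-10-16T09:05:30 192.0.2.10 alice SUCCESS
"""

def parse(log):
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def classify_sources(log, window=timedelta(minutes=10), min_users=4, min_failures=4):
    """Label each source IP as 'spray', 'brute_force' or 'normal'."""
    # Thresholds are illustrative assumptions; tune them to real login volume.
    by_ip = defaultdict(list)
    for event in parse(log):
        by_ip[event[1]].append(event)
    report = {}
    for ip, events in by_ip.items():
        events.sort()
        label, hit_accounts = "normal", set()
        for i, (start, *_rest) in enumerate(events):
            in_window = [e for e in events[i:] if e[0] - start <= window]
            fails = [e for e in in_window if e[3] == "FAIL"]
            users = {e[2] for e in fails}
            if len(users) >= min_users:
                label = "spray"  # many distinct accounts, few tries each
                # A success in the same window is an account to reset and review.
                hit_accounts |= {e[2] for e in in_window if e[3] == "SUCCESS"}
            elif label == "normal" and len(fails) >= min_failures and len(users) == 1:
                label = "brute_force"  # repeated failures against one account
        report[ip] = {"label": label, "compromised": sorted(hit_accounts)}
    return report

if __name__ == "__main__":
    for ip, finding in classify_sources(SAMPLE_LOG).items():
        print(ip, finding)
```

Per-account lockout counters miss the first source because each account sees only one failure; grouping by source IP and counting distinct accounts is what exposes it.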

The full advisory from CISA can be found here

Chad Van Alstin Health Imaging Health Exec

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.
