Health-ISAC Warns of Cybercrimes Involving Synthetic Accounts, ‘Product Abuse’


Marianne Kolbasuk McGee (HealthInfoSec) • March 23, 2023


Link to full article in Healthcare InfoSecurity:


Threats that traditionally menaced other industries – including synthetic accounts and abuse of IT product platforms – are among the top emerging worries for the healthcare sector, warns an industry report.

Synthetic accounts, which have been long used by cybercriminals to fraudulently obtain loans and credit lines, are now increasingly being used for committing healthcare fraud and other crimes, says the report, a collaboration between analysts at the Health Information Sharing and Analysis Center and consulting firm Booz Allen Hamilton.

“I saw plenty of this in the banking and finance sector, and it certainly happens in the healthcare sector with the creation of fake medical providers and fake businesses that bill insurers and the government for services never delivered,” Errol Weiss, Health-ISAC chief security officer, told Information Security Media Group.

“What’s new here is the abundance of stolen PII in criminal forums plus the commodity use of artificial intelligence tools that fuel the creation of massive numbers of synthetic IDs.”

The full report was released last month for H-ISAC members, but the organization released an executive summary for the public this week.

In terms of “product abuse” threats, healthcare organizations with internet-facing websites “are easy targets for actors that employ compromised user credentials, proxy networks, and customizable crimeware to carry out account takeovers, or unauthorized access” to systems such as health record systems, the report says.


Continue reading this article in Healthcare InfoSecurity:


Access the Executive Summary to the Threat Report here:


Translate »