Healthcare organizations across the U.S. have been alerted by the Department of Health and Human Services' Health Sector Cybersecurity Coordination Center regarding the increasing prevalence of search engine optimization poisoning attacks, reports HealthITSecurity.
Threat actors could leverage SEO poisoning, which can be facilitated through typosquatting attacks that involve highly convincing fake sites promoted to the top of search results, to enable credential theft and malware distribution against U.S. health providers, resulting in financial losses, said the HC3 in its analyst note. The growing prevalence of typosquatting attacks should prompt health organizations to use digital risk monitoring tools and indicators of compromise lists, as well as to implement security system upgrades and workforce education initiatives. "Organizations should carefully check every new domain that is registered on the Internet that contains similarities with any of their brands or names. As attackers often register domain names that are very similar to the legitimate ones, it is possible to detect them quickly in most cases, immediately analyze the situation, and take action to mitigate the risk," said the HC3.
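The new-domain check HC3 recommends can be sketched as follows. This is an added example, not code from HC3 or HealthITSecurity; the brand `examplehealth`, the owned-domain allowlist and the feed of newly registered domains are constructed assumptions.

```python
# Added example: brand and feed values below are constructed, not from HC3.
BRANDS = ["examplehealth"]          # hypothetical brand label
OWNED = {"examplehealth.org"}       # hypothetical domains the organization owns
FOLDS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

def fold(label):
    """Drop hyphens and fold common look-alike characters to one form."""
    label = label.lower().replace("-", "")
    for src, dst in FOLDS:
        label = label.replace(src, dst)
    return label

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain, max_edits=2):
    """Return (brand, reason) when a registered domain resembles a brand."""
    domain = domain.lower().rstrip(".")
    if domain in OWNED:
        return None
    raw = domain.split(".")[0]      # feed entries are registrable domains
    folded = fold(raw)
    for brand in BRANDS:
        target = fold(brand)
        if raw == brand:
            return (brand, "tld-swap")
        if folded == target:
            return (brand, "folded-match")
        if target in folded:
            return (brand, "brand-embedded")
        if osa_distance(folded, target) <= max_edits:
            return (brand, "typo")
    return None

def scan(feed):
    """Map each suspicious domain in the feed to its (brand, reason)."""
    return {d: hit for d in feed if (hit := classify(d))}

# Constructed sample of newly registered domains.
FEED = ["examplehealth.org", "examplehealth.co", "examp1ehealth.com",
        "exampelhealth.com", "examplehealth-portal.com", "gardensupply.net"]
```

For short brand names, lower `max_edits` to 1, since a two-edit threshold matches many unrelated labels.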