Cybercriminals stole the health records of more than 9 million Americans last year, according to data from U.S. Health and Human Services. The data collected includes breaches from hospitals, health insurers and other health organizations covered by the Health Insurance Portability and Accountability Act, which makes breaches public when they affect more than 500 people.
The agency says threat actors are targeting organizations' IT help desks with phone calls from a local area code claiming to be revenue cycle or administrator employees. After gaining access, they divert legitimate payments.