US healthcare increasingly targeted by SEO poisoning attacks

Healthcare organizations across the U.S. have been alerted by the Department of Health and Human Services' Health Sector Cybersecurity Coordination Center regarding the increasing prevalence of search engine optimization poisoning attacks, reports HealthITSecurity. Threat actors could leverage SEO poisoning, which could be facilitated through typosquatting attacks that involve highly convincing fake sites promoted on top of search results, to enable credential theft and malware distribution efforts in U.S. health providers, resulting in financial losses, said the HC3 in its analyst note. More prevalent typosquatting attacks should prompt health organizations to use digital risk monitoring tools and indicators of compromise lists, as well as implement security system upgrades and workforce education initiatives. "Organizations should carefully check every new domain that is registered on the Internet that contains similarities with any of their brands or names. As attackers often register domain names that are very similar to the legitimate ones, it is possible to detect them quickly in most cases, immediately analyze the situation, and take action to mitigate the risk," said the HC3.