[TLP:CLEAR, ID#202403181500, Page 1 of 3]
U.S. Department of Health and Human Services
Health Sector Cybersecurity Coordination Center (HC3) www.HHS.GOV/HC3
HC3: Sector Alert
March 18, 2024 TLP:CLEAR Report: 202403181500
Credential Harvesting and Mitigations
Executive Summary
Cyberattacks against healthcare facilities can involve credential harvesting, which may lead to a disruption
of operations. Credential harvesting, also known as credential stealing or (when done by e-mail) credential
phishing, is a technique that cybercriminals use to obtain sensitive login credentials such as usernames and
passwords, along with related personal information. These credentials act as the gateway to an individual's digital identity, and
can grant access to various types of information, such as online accounts and health data. The methods
employed for credential harvesting are diverse, ranging from sophisticated phishing emails to fake
websites and social engineering tactics.
Report
The healthcare sector commonly makes use of digital technologies to manage patient data, streamline
operations, and enhance medical services. Credential harvesting refers to the process of stealing user
authentication credentials for malicious purposes. Attackers can employ various techniques to obtain
these credentials, including phishing, keylogging, and brute force attacks. Once acquired, these
credentials can be used to gain unauthorized access to sensitive data, systems, or networks. Attackers
accomplish credential harvesting in several ways: some trick a user into entering their login credentials into
an attacker-controlled page or form, while others capture or guess credentials without any user interaction.
• Phishing: Phishing attacks involve sending deceptive emails or messages that appear to be from
legitimate sources. These emails aim to trick users into providing their login credentials on fake
websites or through other means.
• Keylogging: Keyloggers are malicious software or hardware that record keystrokes entered by
users, capturing sensitive information such as usernames and passwords.
• Brute Force Attacks: In brute force attacks, attackers systematically try numerous combinations of
usernames and passwords until they discover the correct credentials to access a system or
account.
• Person-in-the-Middle (PITM) Attacks: In PITM attacks, attackers position themselves between a user and
the service they are logging into, capturing the login credentials exchanged during authentication.
• Credential Stuffing: Attackers use previously compromised credentials to gain unauthorized access
to other accounts where users have recycled the same username and password.
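Two of the techniques above, brute force and credential stuffing, leave a distinctive pattern in authentication logs that a defender can detect: brute force shows many failures against one account from one source, while credential stuffing (and password spraying, which looks the same in a failed-login log) shows one source touching many different accounts with only a few attempts each. The following is an added example written for this alert, not HC3 code; the sshd-style log format, hostnames, usernames, IP addresses and thresholds are constructed assumptions, and the input is assumed to be a single time bucket of log lines (say the last ten minutes), so no sliding window is implemented.

```python
"""Heuristic classification of credential-harvesting activity in auth logs.

Added example for this alert (not HC3 code). The log format, hostnames,
usernames, IP addresses and thresholds are constructed assumptions. The
caller is assumed to supply one time bucket of log lines, so the counts
below are not windowed.
"""
import re
from collections import defaultdict
from typing import NamedTuple

# Constructed sample log lines (sshd-like syslog format); nothing here is
# from the original page or from a real system.
SAMPLE_LOG = """\
Mar 18 14:00:01 ehr-portal sshd[2001]: Failed password for nurse01 from 203.0.113.10 port 40001 ssh2
Mar 18 14:00:02 ehr-portal sshd[2001]: Failed password for nurse01 from 203.0.113.10 port 40002 ssh2
Mar 18 14:00:03 ehr-portal sshd[2001]: Failed password for nurse01 from 203.0.113.10 port 40003 ssh2
Mar 18 14:00:04 ehr-portal sshd[2001]: Failed password for nurse01 from 203.0.113.10 port 40004 ssh2
Mar 18 14:00:05 ehr-portal sshd[2001]: Failed password for nurse01 from 203.0.113.10 port 40005 ssh2
Mar 18 14:00:06 ehr-portal sshd[2001]: Failed password for nurse01 from 203.0.113.10 port 40006 ssh2
Mar 18 14:01:00 ehr-portal sshd[2002]: Failed password for dr.smith from 198.51.100.7 port 50001 ssh2
Mar 18 14:01:01 ehr-portal sshd[2002]: Failed password for radiology from 198.51.100.7 port 50002 ssh2
Mar 18 14:01:02 ehr-portal sshd[2002]: Failed password for billing from 198.51.100.7 port 50003 ssh2
Mar 18 14:01:03 ehr-portal sshd[2002]: Failed password for pharmacy from 198.51.100.7 port 50004 ssh2
Mar 18 14:01:04 ehr-portal sshd[2002]: Accepted password for labtech from 198.51.100.7 port 50005 ssh2
Mar 18 14:05:00 ehr-portal sshd[2003]: Failed password for admin from 192.0.2.44 port 60001 ssh2
Mar 18 14:05:30 ehr-portal sshd[2003]: Accepted password for admin from 192.0.2.44 port 60002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Assumed thresholds; tune to the environment's normal failure rate.
BRUTE_FORCE_MIN_FAILURES = 5   # repeated failures against ONE account from one source
STUFFING_MIN_USERS = 4         # failures spread across MANY accounts from one source


class AuthEvent(NamedTuple):
    ts: str
    user: str
    src: str
    success: bool


def parse_auth_log(text):
    """Turn raw log text into AuthEvent records; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(AuthEvent(m["ts"], m["user"], m["src"], m["result"] == "Accepted"))
    return events


def classify(events):
    """Apply the two count-based heuristics plus a 'success after failures' check.

    Returns a dict of findings:
      brute_force:            (src, user, failure_count) for one account hammered from one source
      stuffing_or_spraying:   (src, [users]) for one source failing against many accounts
      success_after_failures: (src, user) for a successful login from a source that had
                              failures in the same bucket; this is the finding to act on
                              first, since it may mean a harvested credential worked.
    """
    fails_by_src_user = defaultdict(int)
    users_failed_by_src = defaultdict(set)
    successes = []
    for e in events:
        if e.success:
            successes.append(e)
        else:
            fails_by_src_user[(e.src, e.user)] += 1
            users_failed_by_src[e.src].add(e.user)

    findings = {"brute_force": [], "stuffing_or_spraying": [], "success_after_failures": []}
    for (src, user), n in sorted(fails_by_src_user.items()):
        if n >= BRUTE_FORCE_MIN_FAILURES:
            findings["brute_force"].append((src, user, n))
    for src, users in sorted(users_failed_by_src.items()):
        if len(users) >= STUFFING_MIN_USERS:
            findings["stuffing_or_spraying"].append((src, sorted(users)))
    for e in successes:  # event order preserved, so earlier successes come first
        if e.src in users_failed_by_src:
            findings["success_after_failures"].append((e.src, e.user))
    return findings


if __name__ == "__main__":
    for kind, items in classify(parse_auth_log(SAMPLE_LOG)).items():
        for item in items:
            print(f"{kind}: {item}")
```

Run against the constructed sample, the brute-force rule fires on the six failures for nurse01 from 203.0.113.10, the stuffing/spraying rule fires on 198.51.100.7 touching four different accounts, and the success-after-failures check flags both the labtech login from that same source (the likely stuffing hit) and the admin login from 192.0.2.44. The last check is deliberately sensitive: a single typo followed by a correct password also trips it, so in practice it is a triage signal to correlate with the other two rather than an alert on its own.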
Credential harvesting can lead to data breaches, exposing patients' confidential information, including
medical records, personal details, and other types of data. These breaches harm patient privacy and can
disrupt healthcare operations, since a valid account gives an attacker a foothold from which to deploy
malware or carry out other malicious activity. Accessing healthcare systems through harvested
credentials can disrupt critical services, such as patient care delivery and administrative functions. System
downtime and compromised infrastructure can impede medical professionals' ability to access essential
resources and provide timely care.
Impact to the HPH Sector
Credential harvesting can disrupt normal operations, impeding the delivery of vital services and patient
care. When systems are compromised, entities may experience downtime, inability to access