Hackers take half million Dollar from Hospital, Probably gone to Russia

Leavenworth’s hospital district stands to recover less than half of the $1.03 million stolen in a damaging online banking theft in April.
Chelan County Treasurer David Griffiths, whose office manages the ACH account for Chelan County Public Hospital District No. 1, said Cascade Medical Center has definitely lost at least $478,886 of the total theft.
“It’s gone,” Griffiths said Friday. “Probably gone to Russia.”
About $414,800 has been recouped through coordination with outside banks where the money was fraudulently transferred. Another $109,379 from the April 19 theft remains at issue, and may not be recoverable, Griffiths said.
“It’s not been easy, I’ll tell you that. We’re still struggling with it. It’s been a lot of long hours, and this goes for the hospital too.”
The theft, from county funds held with Bank of America, was initiated on April 19 but not discovered until April 22, a Monday. Griffiths’ office noted three unauthorized transaction files that shipped a total of $1.03 million to 96 separate accounts across the country.
From there, much of the lost money was likely funneled out through wire transfers and cash withdrawals. Brian Krebs, a cybersecurity journalist, attributed the crime to hacker organizations operated from Russia and Ukraine, which hired or subcontracted freelance “mules” through a wide-ranging set of work-from-home frauds.
“I don’t know for sure, but I would guess they had almost 100 money mules they used in that scam,” said Krebs, whose blog KrebsOnSecurity identified two U.S. men bamboozled into making money transfers for the gang from their home computers. “I’d bet they probably used four or five mule recruitment networks to get that many mules.”
Criminal hackers use a variety of methods to crack banking security, including installing malware on computers to track web browsers and log keystrokes. If they succeed, they must use other methods to launder the money through the banking system, such as hiring unwitting human mules to conduct the subsequent wire transfers — a few thousand dollars each.
Krebs said the attack fits the methods of a hacker network he’s studied for four years.
“It seems like this is an organization that’s got everything it needs to perpetrate these crimes. That said, it does appear that they rely on other mule recruitment gangs to help them cash out the stolen funds.”
Cascade Medical Center executive director Diane Blake couldn’t be reached for comment Monday. Supervisory Senior Resident Agent Frank Harrill, who oversees the Spokane FBI office, said his bureau is still investigating.
“I can’t talk about progress in the investigation, understanding that it is in a very preliminary phase,” Harrill said.
The recovered funds have been netted in part by Bank of America’s internal fraud division. Krebs said online banking users can best protect their accounts by using one computer dedicated to that purpose only, “preferably one that’s not running Microsoft Windows.”
“I’m not saying Macs are any more secure,” Krebs said. “They’re not. The point is they’re not attacking Macs at this point.”
“I think the process is a secure process, if it’s properly used,” said Griffiths, who oversees accounts for 55 Chelan County taxing districts, plus the county itself. “The way governments and businesses operate — this idea of electronic transactions, like it or not, it’s not going anywhere.