According to The Wenatchee World's Jefferson Robbins, hackers recently stole more than $1 million from an online bank account belonging to Cascade Medical Center in Leavenworth, Wash. (h/t Becker's Hospital Review).
On Monday, April 22nd, Chelan County Treasurer David Griffiths' office apparently noticed three unauthorized transaction files from the previous Friday, which moved $1.03 million from the hospital's ACH account to 96 different bank accounts, most of them in the Midwest and on the East Coast. Griffiths told The Wenatchee World that about $133,000 of the stolen funds has been recovered.
Because the transactions were completed on a Friday, the hackers may have had time to access the money before the transactions were reviewed the following Monday. The stolen funds comprise a significant portion of the nonprofit hospital's $13.2 million budget.
Krebs on Security's Brian Krebs spoke with two people who helped to launder more than $14,000 of the stolen money. One of them, Jesus Contreras of San Bernardino, Calif., was contacted by a company called Best Inc., which claimed to have found his resume on Careerbuilder.com and told him he'd be forwarding payments to overseas software developers who worked for the company. After the first transfer of $9,180, Bank of America froze his account.
"I’m asking myself how I fell for this because the money seemed too good to be true," Contreras told Krebs. "But we’ve got bills piling up, and my dad has hospital bills. I didn’t have much money in my account, so I figured what did I have to lose? I had no idea I would be a part of something like this."
To avoid being hit by a similar attack, Krebs offers a useful list of online banking best practices for businesses.