A public hospital in Washington state is suing Bank of America to recoup some of the losses from a $1.03 million cyberheist that the healthcare organization suffered in 2013.
In April 2013, organized cyber thieves broke into the payroll accounts of Chelan County Hospital No. 1 , one of several hospitals managed by the Cascade Medical Center in Leavenworth, Wash. The crooks added to the hospital’s payroll account almost 100 “money mules,” unwitting accomplices who’d been hired to receive and forward money to the perpetrators.
On Thursday, April 19, and then again on April 20, the thieves put through a total of three unauthorized payroll payments (known as automated clearing house or ACH payments), siphoning approximately $1 million from the hospital.
Bank of America was ultimately able to claw back roughly $400,000 of the fraudulent payroll payments. But in a complaint (PDF) filed against the bank, the hospital alleges that an employee on the Chelan County Treasurer’s staff noticed something amiss the following Monday — April 22, 2013 — and alerted the bank to the suspicious activity.
“Craig Scott, a Bank of America employee, contacted the Chelan County Treasurer’s office later that morning and asked if a pending transfer request of $603,575.00 was authorized,” the complaint reads. “No funds had been transferred at the time of the phone call. Theresa Pinneo, an employee in the Chelan County Treasurer’s Office, responded immediately that the $603,575.00 transfer request was not authorized. Nonetheless, Bank of America processed the $603,575.00 transfer request and transferred the funds as directed by the hackers.” Continue reading →