Dive Brief:
- Chelan County Hospital No. 1, which is managed by Cascade Medical Center in Washington, is suing Bank of America after losing $1.03 million in a cyberheist that occurred in 2013.
- A team of thieves reportedly hacked the hospital's payroll accounts and added "money mules"—unwitting accomplices that were hired to receive money and forward it to the thieves. On two different dates, the thieves put through a total of three unauthorized payroll payments, reports KrebsonSecurity.
- The hospital alleges that even after it noticed suspicious activity and notified the bank, and specifically told the bank that a pending transfer request of $603,575.00 was not authorized, the bank processed that request and transferred the money.
Dive Insight:
Bank of America was able to recover $400,000 of the stolen money, but apparently isn't on the hook for the rest—hence the lawsuit.
According to KrebsonSecurity, businesses do not have the same banking protections as individual consumers, leaving legal action as their only recourse if a bank chooses not to reimburse them.
"That means that it's generally not in the business's best interests to sue their bank unless the amount of theft was quite high," the site notes.
It adds that there have been dozens of similar cybercrimes over the past five years, and recommends that businesses keep a close eye on their books and institute policies to protect themselves, such as requiring more than one employee to approve any large transfer.