Microsoft disrupts phishing campaign targeting U.S. healthcare sector

Microsoft has dismantled a phishing operation that targeted more than 20 healthcare organizations across the United States, the company confirmed Thursday.

The American Hospital Association reported that the attackers, using a phishing kit dubbed “RaccoonO365,” relied on a network of fake websites designed to harvest Microsoft 365 credentials from hospital staff. Once compromised, these accounts could have exposed sensitive patient records and disrupted hospital operations.

The phishing emails mimicked legitimate hospital communications, directing victims to convincing but fraudulent login portals. According to Microsoft, its intervention successfully took down the malicious infrastructure and affected organizations were notified.

Healthcare remains among the most targeted sectors due to its reliance on fast communication and the high resale value of patient data on underground markets. Experts stress that even with takedowns, phishing remains a cyclical threat. “The attackers only need one click to succeed,” one researcher told the AHA.

Microsoft urged healthcare providers to adopt phishing-resistant multifactor authentication, employee training, and faster incident response measures to strengthen resilience.