New Hacker Group Targets Healthcare Industry
By Jon Sands, AGS Core Technologies
Cyber-security firm Symantec has identified a new cyber-criminal group. The group, named Orangeworm, is conducting targeted attacks against the healthcare sector in the US, Europe and Asia. The largest number of victims was in the US (17%). India (7%), Saudi Arabia (7%), the Philippines (5%) and Hungary (5%) are also in Orangeworm’s crosshairs.
Orangeworm has been observed installing a custom backdoor, a Trojan called , on machines that had software installed for the use and control of high-tech imaging devices such as 3D x-ray and MRI. A backdoor attack gives access to a computer system or encrypted data and bypasses the system’s security apparatus. Hackers can use backdoors that they detect or that they install themselves.
According to Symantec’s research, the malware has been deployed at all levels of the healthcare industry, in organizations that include individual practices, pharmaceuticals, insurance companies, personal injury attorneys and equipment manufacturers that serve the healthcare industry. Most alarmingly, Symantec also found the malware on devices used to assist patients in completing consent forms for required procedures.
According to Symantec telemetry, almost 40% of Orangeworm’s confirmed victim organizations operate within the healthcare industry. The exact motives of the group are unclear, it adds. The most likely scenario is data collection: Orangeworm could be collecting the data within these systems and selling it to the highest bidder. Medical records tend to include Social Security numbers, vital statistics and sometimes bank account information, all of which can prove valuable to identity thieves and nefarious marketing companies.
“While Orangeworm has impacted only a small set of victims in 2016 and 2017, according to Symantec telemetry, we have seen infections in multiple countries due to the nature of the victims operating large international corporations,” the study says.
First identified in January 2015, Orangeworm has also conducted targeted attacks against organizations in related industries as part of a larger supply-chain attack in order to reach their intended victims.
Symantec recommends that medical providers get their systems scanned and imaging devices patched as soon as possible. Orangeworm’s activity has increased of late, and all systems are vulnerable.
Jon Sands is the Business Development Executive for AGS CORE Technologies in Stuart, FL. AGS CORE Technologies is your trusted IT partner and cyber security expert on the Treasure Coast.