Report: Advanced Hacker Group, Orangeworm, Targeting Healthcare Industry | Healthcare Informatics Magazine | Health IT | Information Technology

Report: Advanced Hacker Group, Orangeworm, Targeting Healthcare Industry

April 23, 2018
by Heather Landi

A new attack group, dubbed Orangeworm, is conducting targeted cyber attacks against healthcare organizations in the United States, Europe and Asia, according to a new report from researchers at cybersecurity firm Symantec.

Researchers have also observed that the hackers have gained footholds on the computers controlling high-tech imaging devices, such as X-Ray and MRI machines. Cybersecurity researchers have long warned about the vulnerability of connected medical devices, and this latest research indicates that hackers are actively targeting medical machines.

The researchers also note that the hacker group does not appear to be linked to a nation-state actor. “While Orangeworm is known to have been active for at least several years, we do not believe that the group bears any hallmarks of a state-sponsored actor—it is likely the work of an individual or a small group of individuals. There are currently no technical or operational indicators to ascertain the origin of the group,” the researchers state.

First identified in January 2015, Orangeworm has also conducted targeted attacks against organizations in related industries as part of a larger supply-chain attack in order to reach its intended victims, Symantec researchers report. “Known victims include healthcare providers, pharmaceuticals, IT solution providers for healthcare and equipment manufacturers that serve the healthcare industry, likely for the purpose of corporate espionage,” the report states.

The hackers deploy a custom backdoor called Trojan.Kwampirs within large international corporations that operate within the healthcare sector in the United States, Europe, and Asia.

According to the Symantec report, the hacker group has deliberately set its sights on healthcare. “The group appears to choose its targets carefully and deliberately, conducting a good amount of planning before launching an attack,” the report states, noting that nearly 40 percent of Orangeworm’s victim organizations operate within the healthcare industry.

“The Kwampirs malware was found on machines which had software installed for the use and control of high-tech imaging devices such as X-Ray and MRI machines. Additionally, Orangeworm was observed to have an interest in machines used to assist patients in completing consent forms for required procedures. The exact motives of the group are unclear,” the report states.

Researchers have found that the largest number of Orangeworm’s victims are located in the U.S., accounting for 17 percent of the infection rate by region. While Orangeworm has impacted only a small set of victims in 2016 and 2017, according to Symantec telemetry, researchers have seen infections in multiple countries because the victims operate large international corporations.

“We believe that these industries have also been targeted as part of a larger supply-chain attack in order for Orangeworm to get access to their intended victims related to healthcare. Orangeworm’s secondary targets include manufacturing, information technology, agriculture, and logistics. While these industries may appear to be unrelated, we found them to have multiple links to healthcare, such as large manufacturers that produce medical imaging devices sold directly into healthcare firms, IT organizations that provide support services to medical clinics, and logistical organizations that deliver healthcare products,” the researchers state.

In a blog post published today, the researchers note that the Kwampirs malware uses a fairly aggressive means to propagate itself once inside a victim's network by copying itself over network shares. “While this method is considered somewhat old, it may still be viable for environments that run older operating systems such as Windows XP. This method has likely proved effective within the healthcare industry, which may run legacy systems on older platforms designed for the medical community. Older systems like Windows XP are much more likely to be prevalent within this industry.”

 
