‘Orangeworm’ malware presents new challenge to healthcare sector

Healthcare and IT service providers across Europe, the US and Asia are among the targets of recently identified cyber-crime group, researchers warn.

A cyber-attack group dubbed Orangeworm has been observed using the Kwampirs malware, a custom backdoor Trojan to remotely access computers in major healthcare industry organisations - and then spread over a local network.

Researchers from software firm Symantec, who first identified the attack group, found the Kwampirs malware on medical devices such as X-ray and MRI machines as well as machines used to help patients complete consent forms for required procedures.

The targeted organisations include healthcare providers, pharmaceutical firms, IT service providers for healthcare, and equipment manufacturers that serve the healthcare industry.

The researchers believe the malware is looking to get into sensitive medical information in carefully selected targets.

The group appears to choose its targets carefully and deliberately, carrying out careful planning before launching an attack, though researchers aren’t sure yet exactly what the ultimate aim of Orangeworm is.

According to Symantec telemetry, almost 40% of Orangeworm’s confirmed target organisations operate in the healthcare industry, followed by manufacturing and IT (15% each), and logistics and agriculture (8% each).

'Medical machines actively being targeted by hackers'

“This group is clearly organised, with strong motivations and the capability for developing sophisticated malware,” said Jon DiMaggio, senior threat intelligence researcher at Symantec, in a recent interview.

“What they do is clearly aimed at collecting information across the entire healthcare supply chain of their targets. You don’t really see that. What we’re seeing is corporate espionage, not for the sake of sabotage or destruction of equipment, and not for financial gain.

“The situation could be so much worse; these guys have the capability to wipe hard drives or destroy equipment,” DiMaggio said.

“The wake-up call in this is to take note of what happened today, so we’re not having a worse discussion tomorrow. Implementing basic security procedures like patching and network segmentation would prevent this threat with minimal work. And, the healthcare community as a whole needs to push their software vendors to consider security more so than ease-of-use.”

This isn’t the first time hackers have found their way into medical devices.

Last year, when the WannaCry ransomware hit hospitals across the world, it found its way onto vital radiology equipment. And cybersecurity researchers have long warned about the vulnerability of medical machines.

But now, with Orangeworm, it’s clear that such tech is actively being targeted by surreptitious hackers.

In fact, according to a recent Deloitte & Touche poll, identifying and mitigating the risks of fielded and legacy connected devices represent’s healthcare’s biggest cybersecurity challenge.


Related information:

Medical devices and the Internet of Things: A three-layer defense against cyber threats (Deloitte & Touche, 2017)

Related News

Interoperability: The Ripple Effect

Some projects are now cracking the interoperability puzzle, reaping the benefits and seeing the impact.

Does caring mean sharing?

Anxieties about patient data confidentiality continue to simmer in the wake of the ICO’s report into DeepMind’s partnership with the Royal Free

How connectivity and interoperability can drive patient centric care

To find out, attend the webinar on 25 September 2018