A newly identified group of hackers is targeting systems tied to healthcare businesses in the U.S. and around the globe, security firm Symantec reports. The group, which Symantec has dubbed Orangeworm, has deployed custom malware that Symantec has detected on the networks of healthcare companies and related organizations. The malware was spotted on computers used to control medical imaging devices such as X-ray and MRI machines, as well as on some devices used to help patients fill out consent forms for medical procedures. Symantec technical director Thakur states that the company's researchers think the hackers are not attempting to steal patient data or interfere with medical work, but rather attempting to carry out some kind of industrial espionage involving the healthcare industry.


It has also affected companies such as pharmaceutical firms, medical equipment makers, and healthcare IT firms. The malware probably found its way onto the imaging machines as it spread through provider networks, Thakur states. "We think it's purely collateral damage," he states. It does, at the end of the day, give healthcare providers a warning to take better care of the equipment that is connected to medical devices. There is always a danger that having foreign code run on healthcare equipment might make it less stable, but there has been no indication of such a problem here, he states. Orangeworm is not the first digital security problem to affect the healthcare industry.


According to one report by Citrix ShareFile, the medical industry saw over 300 data breaches in 2017, at an estimated cost of over $1 billion. Last year's notorious WannaCry ransomware outbreak compelled hospitals around the globe to turn away patients and delay procedures after their computer networks were infected by the malware. That attack was blamed on North Korea. In other ransomware attacks, hospitals have occasionally even paid hackers to regain access to valuable files. The Orangeworm attack seems unlikely to be connected to any government, according to Symantec, which states in a Monday report that it has not seen any indication of the group's origin.


There is no indication that the group has employed any previously unknown software flaws to gain access to the affected networks, Thakur states. Instead, the group has used a mix of social engineering and previously identified vulnerabilities to get into the network, he says, although he declined to go into much detail, citing ongoing investigations. Although this method is considered somewhat old, it can still be viable in environments that run older operating systems such as Windows XP, according to the company. This method has probably proved successful inside the medical industry, which may run legacy systems on older platforms designed for the health community; older systems such as Windows XP are much more likely to be common within this industry. The attackers then usually run fairly generic commands to gather information such as user accounts, computer names, and other recently contacted machines, which could help them determine which machines are of interest, says Thakur. To date, it is unclear exactly what kind of information they are looking to steal.
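The reconnaissance pattern described above, generic discovery commands that enumerate accounts, the host name, and nearby machines, is something a defender can look for in process-creation telemetry even without knowing the attacker's tooling. The following detection sketch is an added example written for this page; it is not code from Symantec's report, and the command patterns, the log format, and the sample log lines are all constructed assumptions rather than indicators taken from the Orangeworm investigation. It flags a host on which several categories of discovery commands run within a short window, which separates a burst of enumeration from an administrator's occasional `ipconfig`.

```python
"""Detection example (constructed): flag hosts that run a burst of generic
discovery commands (account, host and network-neighbour enumeration) within
a short time window, the post-compromise reconnaissance pattern described
in the article. The command list and the log lines are assumptions for
illustration, not indicators from Symantec's report."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed discovery commands to watch for; illustrative, not a published IOC list.
DISCOVERY_PATTERNS = {
    "account_enum": re.compile(r"\bnet1?\s+(user|group|localgroup)\b", re.I),
    "host_enum": re.compile(r"\b(hostname|systeminfo|whoami)\b", re.I),
    "network_enum": re.compile(r"\b(ipconfig|arp\s+-a|net\s+view|net\s+share|netstat)\b", re.I),
}

# Constructed process-creation records in a simplified "timestamp|host|user|command" form.
# IMG-WS01 shows the burst pattern; ADMIN-PC shows normal, isolated admin use.
SAMPLE_LOG = """\
2018-04-23T10:00:01|IMG-WS01|SYSTEM|cmd.exe /c net user
2018-04-23T10:00:03|IMG-WS01|SYSTEM|cmd.exe /c hostname
2018-04-23T10:00:04|IMG-WS01|SYSTEM|cmd.exe /c ipconfig /all
2018-04-23T10:00:06|IMG-WS01|SYSTEM|cmd.exe /c arp -a
2018-04-23T10:00:08|IMG-WS01|SYSTEM|cmd.exe /c net view
2018-04-23T11:15:00|ADMIN-PC|jdoe|cmd.exe /c ipconfig /all
2018-04-23T14:30:00|ADMIN-PC|jdoe|cmd.exe /c net user
2018-04-23T09:00:00|FILESRV|SYSTEM|svchost.exe -k netsvcs
"""


def parse_events(text):
    """Parse the simplified 'timestamp|host|user|command' lines into dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, user, command = line.split("|", 3)
        events.append({
            "ts": datetime.fromisoformat(ts),
            "host": host,
            "user": user,
            "command": command,
        })
    return events


def classify(command):
    """Return the discovery category a command line falls into, or None."""
    for category, pattern in DISCOVERY_PATTERNS.items():
        if pattern.search(command):
            return category
    return None


def find_recon_bursts(events, window=timedelta(minutes=5), min_categories=3):
    """Flag each host whose discovery commands span at least `min_categories`
    distinct categories inside one `window`. One 'ipconfig' from an admin is
    routine; accounts, host name and network neighbours enumerated within a
    few seconds from a SYSTEM account is the pattern worth triaging."""
    by_host = defaultdict(list)
    for ev in events:
        category = classify(ev["command"])
        if category:
            by_host[ev["host"]].append((ev["ts"], category))

    alerts = []
    for host, items in by_host.items():
        items.sort()  # chronological order so the window scan below is valid
        for i, (start, _) in enumerate(items):
            cats = {c for ts, c in items[i:] if ts - start <= window}
            if len(cats) >= min_categories:
                alerts.append({
                    "host": host,
                    "start": start.isoformat(),
                    "categories": sorted(cats),
                })
                break  # one alert per host is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in find_recon_bursts(parse_events(SAMPLE_LOG)):
        print(alert)
```

Running the block prints one alert for IMG-WS01 and nothing for ADMIN-PC or FILESRV. In a real deployment the parser would read Windows 4688 or Sysmon process-creation events instead of the constructed format, and the pattern list would be tuned to the environment's own administrative tooling to keep the false-positive rate down.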