Almost a year after the devastating WannaCry attack badly affected NHS organisations, a new threat to healthcare has been identified by software company Symantec.
Symantec states that an attack group dubbed Orangeworm is deploying Kwampirs malware in a targeted campaign against the healthcare sector and related industries. Kwampirs is a backdoor Trojan that provides attackers with remote access to computers.
The malware collects information from compromised computers and Orangeworm can use this information to determine whether the system is used by a researcher or if the victim is a high-value target. If the device is of interest, Orangeworm can then spread the malware across open network shares to infect other computers.
According to Symantec, around 40% of the group’s targets operate within the healthcare industry.
The Kwampirs malware has been found on medical devices including imaging devices such as X-Ray and MRI machines. Orangeworm has also been said to have an interest in machines used to assist patients in completing consent forms.
Most of Orangeworm’s targets are located in the US, with 17% of attacks taking place within the States. And whilst Orangeworm has only impacted a small set of victims, Symantec warns that it has seen infections in multiple countries due to victims operating large international corporations.
In response to the news, Sara Jost, global healthcare industry lead at BlackBerry, said:
“Healthcare is an industry under siege. This statement was true this time last year when the NHS was hit by WannaCry and underscored by the latest discovery of a new attack group, Orangeworm, which has been targeting various countries, 32% of which are in Europe. Care providers are targeted by cybercriminals with greater frequency than any other organisation. And thanks to old equipment and flagging security standards, these attacks find success far more often than they should.
Although healthcare isn’t the only industry targeted, it appears almost 40% of its victims operate within the healthcare industry and it appears to choose targets carefully and deliberately. From a criminal’s perspective, healthcare records are a golden goose. They contain all the information necessary for medical identity fraud, an extremely lucrative crime. And they sell for up to ten times the price of stolen credit card numbers on the black market.
This is compounded by the fact that healthcare security still lags well behind other industries. It is easier for a criminal to lift medical data from several small clinics than it is to steal money from a bank, for example. Given the potential for a much greater payoff, it isn’t difficult to see why so many criminals have hospitals and clinics in their crosshairs.
The heart of healthcare’s cybersecurity woes can be traced to a single cause – the men and women who run healthcare organisations are clinicians, not IT professionals. Though brilliant physicians and businesspeople, they are not security experts. They allot most of their organisational budget towards excellent patient care and medical advances.
IT is often an afterthought, even as more and more healthcare data is digitised. The entry of connected devices into hospitals and clinics will make things even worse if left unaddressed. Internet of Things (IoT) medical devices like infusion pumps and cardiac implants frequently contain vulnerabilities with the potential to be life-threatening. As for regulations and security standards – which many providers already have difficulty adhering to – they have failed to evolve as quickly as the threat landscape.
Device makers and care providers alike need to stop treating care and security as two separate entities. They aren’t. Ensuring health data is safe from people who’d misuse it is just as much a part of effective patient care as efficient treatment.”