Hacker Group Targets Healthcare Providers

Data security vendor Symantec is warning of a new and significantly dangerous hacker ring targeting large healthcare organisations in the United States, Europe and Asia.

“Symantec has identified a previously unknown group called Orangeworm that has been observed installing a custom backdoor called Trojan.Kwempirs,” the vendor notes.

Orangeworm is looking for targets to engage in corporate espionage in healthcare and other industries. Targets are chosen carefully and deliberately with extensive planning before an attack is made, Symantec experts contend. Data from the security organisation suggests that healthcare is the top target for the hackers, it says that 39 percent of attacks have been aimed at healthcare organisations, with manufacturing, information technology, logistics and agriculture also in their crosshairs.

So far, Symantec has found Kwempirs malware placed on diagnostic imaging machines in healthcare organisations. Additionally, Orangeworm was observed to have an interest in machines used to assist patients in completing consent forms for required procedures.

The vendor acknowledges that exact motives of the Orangeworm group are unclear, but the company believes other industries have been targeted as part of a larger supply chain attack to enable Orangeworm to get access to healthcare organisations.

“While these industries appear to be unrelated, we found them to have multiple links to healthcare, such as large manufacturers that produce medical imaging devices sold directly into healthcare firms, IT organisations that provide support services to medical clinics, and logistical organisations that deliver healthcare products.”

The installed backdoor into an organisation collects information from the infected computer, which Symantec surmises can help a hacker know if the computer is used by a researcher or a higher-value target. 

“Once Orangeworm determines that a potential victim is of interest, it proceeds to aggressively copy the backdoor across open network shares to infect other computers.”  

Further, with healthcare’s reliance on older operation systems, particularly Windows XP, Orangeworm does not appear to be overly concerned about being discovered.

Information-Management

You Might Also Read: 

British Healthcare System Spends £150m Extra On Cybersecurity:

Cyber Attacks Focus On Healthcare:
 

« Re-Thinking The Threat Of Ransomware
How To Beat The Hackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Industrial Cyber Security

Industrial Cyber Security

Industrial Cyber Security provides specialist consulting services in enterprise and SCADA system security.

Crest International

Crest International

Crest is focused on professionalizing the technical cyber security market whilst driving quality and standards of organizations that operate within it.

Internet Storm Center (ISC)

Internet Storm Center (ISC)

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with ISPs to fight back against the most malicious attackers.

EverC

EverC

EverC (formerly EverCompliant) is a leading provider of cyber intelligence that allows acquiring banks and payment service providers (PSP) to manage cyber risk.

SecurityHQ

SecurityHQ

SecurityHQ (formerly known as Si Consult) is a Global Managed Security Service Provider (MSSP) that monitors networks 24/7, to ensure complete visibility and protection against your cyber threats.

Beosin

Beosin

Beosin is a blockchain security company providing cybersecurity services including security audits, on-chain asset investigation, threat intelligence and wallet security.

Root9B (R9B)

Root9B (R9B)

R9B offers advanced cybersecurity products, services, and training to enhance the way organizations protect their networks.

Maven Security Consulting

Maven Security Consulting

Maven Security Consulting helps companies secure their information assets and digital infrastructure by providing a wide range of customized consulting and training services.

Flix11

Flix11

Flix11 is a Cyber Security & ICT Solutions focused company. We provide a range of products and services in Cyber Security, Internet of Things (IoT) and infrastructure solutions.

Cygenta

Cygenta

Cygenta brings a new approach to cybersecurity. We understand that true security means having digital, human and physical security working in harmony.

Vanta

Vanta

Vanta helps companies scale security practices and automate compliance for the industry’s most sought after standards - SOC 2, ISO 27001, HIPAA, GDPR, and other security and privacy frameworks.

McAfee

McAfee

McAfee is a worldwide leader in online protection. We’re focused on protecting people, not devices. Our solutions adapt to our customers’ needs and empower them to confidently experience life online.

Theori

Theori

Theori tackles the most difficult cybersecurity challenges from an attacker’s perspective and conquers them as the best strategic security experts.

Fivecast

Fivecast

Fivecast is enabling a safer world. We help organizations around the world explore masses of data to uncover actionable insights.

XBOW

XBOW

XBOW brings AI to offensive security, augmenting the work of bug hunters and security researchers.

Axoflow

Axoflow

Axoflow helps organizations to consolidate their existing solutions for logs, metrics, and traces, and evolve them into a cloud native observability infrastructure.