According to a recent report by security firm Symantec, a cyber group called Orangeworm has targeted the healthcare industry and is wreaking havoc across the sector worldwide. The group has been deploying malware known as Trojan.Kwampirs to gain remote access to and compromise the computer systems of firms in the United States, Europe, and Asia. The purpose of the attacks is believed to be corporate espionage; the victims include healthcare providers, pharmaceutical firms, IT solution providers, and healthcare equipment manufacturers, among others. (1)
Symantec believes that the group does not select its victims at random, but deliberately chooses its targets and then carefully plans and launches its attacks. The malware has been found on high-tech imaging devices such as X-ray and MRI machines, as well as on machines used to assist patients in completing consent forms for required procedures. (1)
Once installed, the malware gathers information about the network, system, and language settings to determine whether the victim is a high-value target. If the victim is judged to be of interest, the malware aggressively copies itself across open network shares to infect other computers. It then continues to collect information about the victim's network, such as recently accessed computers, network adapters, available network shares, mapped drives, and files on the computer. (1, 2)
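The share-based spreading described above leaves a recognizable trace: one source writing executable files to shares on several machines in a short time. The following detection sketch is an added example, not taken from Symantec's report or the cited sources; the records are constructed and simplified from the kind of data Windows Security event 5145 (detailed file share access) provides, and the field names, file names, threshold, and time window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real telemetry). "host" is the machine that
# logged the share access, "src" is the client address that connected to it.
EVENTS = [
    {"time": "2024-01-15T09:00:05", "host": "XRAY-WS01", "src": "10.0.4.17", "file": "constructed_a.dll", "write": True},
    {"time": "2024-01-15T09:01:10", "host": "MRI-WS02", "src": "10.0.4.17", "file": "constructed_a.dll", "write": True},
    {"time": "2024-01-15T09:03:40", "host": "KIOSK-03", "src": "10.0.4.17", "file": "constructed_a.dll", "write": True},
    {"time": "2024-01-15T09:04:00", "host": "LAB-WS04", "src": "10.0.4.17", "file": "constructed_a.dll", "write": False},
    {"time": "2024-01-15T09:02:00", "host": "FILESRV01", "src": "10.0.4.30", "file": "report.docx", "write": True},
    {"time": "2024-01-15T09:00:00", "host": "FILESRV01", "src": "10.0.4.22", "file": "setup.exe", "write": True},
    {"time": "2024-01-15T11:30:00", "host": "XRAY-WS01", "src": "10.0.4.22", "file": "setup.exe", "write": True},
]

EXEC_EXT = (".exe", ".dll", ".scr", ".sys")  # assumed list of extensions to watch


def find_share_fanout(events, min_hosts=3, window=timedelta(minutes=10)):
    """Return {src: sorted hosts} for sources that wrote executable files to
    shares on at least min_hosts distinct machines within the time window."""
    by_src = defaultdict(list)
    for e in events:
        # Only successful write access to executable content is of interest.
        if e["write"] and e["file"].lower().endswith(EXEC_EXT):
            by_src[e["src"]].append((datetime.fromisoformat(e["time"]), e["host"]))

    hits = {}
    for src, writes in by_src.items():
        writes.sort()
        start = 0
        for end in range(len(writes)):
            # Slide the window start forward until it spans at most `window`.
            while writes[end][0] - writes[start][0] > window:
                start += 1
            hosts = {h for _, h in writes[start:end + 1]}
            if len(hosts) >= min_hosts:
                hits[src] = sorted(hosts | set(hits.get(src, [])))
    return hits


if __name__ == "__main__":
    for src, hosts in find_share_fanout(EVENTS).items():
        print(f"{src} wrote executables to {len(hosts)} hosts: {', '.join(hosts)}")
```

Legitimate software deployment tools produce the same pattern, so known management servers should be excluded before alerting on the result.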
To help prevent a potential attack, Symantec recommends that healthcare organizations follow basic security best practices, including:
These recommendations from Symantec are also encouraged as a defense against other types of cyberattacks, including ransomware and PHI data theft. (2)