Hackers Using Imagers to Access Your Data
Your imaging machine may be looking through more than your patients.
The data company Symantec warns providers and facilities that a hacker group named Orangeworm is using software used to control X-ray and magnetic resonance imaging (MRI) machines to access personal health information (PHI) and other data. Symantec admits the exact motives of the group are unclear.
Hackers Favoring Healthcare
While attacking industries all over the world, Orangeworm’s Kwampirs malware is largely being found on healthcare systems. The group, Symantec reports, has an interest in machines used to assist patients in completing consent forms for required procedures, such as kiosks and pad computers.
Symantec said, “We believe that these industries have also been targeted as part of a larger supply-chain attack in order for Orangeworm to get access to their intended victims related to healthcare. Orangeworm’s secondary targets include Manufacturing, Information Technology, Agriculture, and Logistics. While these industries may appear to be unrelated, we found them to have multiple links to healthcare, such as large manufacturers that produce medical imaging devices sold directly into healthcare firms, IT organizations that provide support services to medical clinics, and logistical organizations that deliver healthcare products.”
Once Orangeworm bores its way into a victim’s network, it deploys Trojan.Kwampirs, providing the shady organization with remote access to the compromised computer. Resourceful, it evades hash-based detection but doesn’t seem to exhibit any concern about being discovered.
Hackers LOVE Older Machines
Symantec warns that, “Kwampirs uses a fairly aggressive means to propagate itself once inside a victim’s network by copying itself over network shares. While this method is considered somewhat old, it may still be viable for environments that run older operating systems such as Windows XP. This method has likely proved effective within the healthcare industry, which may run legacy systems on older platforms designed for the medical community. Older systems like Windows XP are much more likely to be prevalent within this industry.”
Kill Hackers with Compliance
Make sure your compliance plan includes up-to-date security installed on both computers and your organization’s IT equipment. Check to ensure your IT staff is aware of this threat.