Orangeworm is Wreaking Havoc on the Healthcare Sector

Published: June 12th, 2018

According to a recent report by the security firm Symantec, a cyber group called Orangeworm has targeted the healthcare industry and is wreaking havoc across the sector worldwide. The group has been deploying a malware known as Trojan.Kwampirs to gain remote access to, and compromise, the computer systems of firms in the United States, Europe, and Asia. The purpose of the attacks is believed to be corporate espionage; victims include healthcare providers, pharmaceutical firms, IT solution providers, and healthcare equipment manufacturers, among others. (1)

Symantec believes that the group does not select its victims at random, but rather chooses its targets deliberately and then carefully plans and launches its attack. The malware has been found on high-tech imaging devices such as X-ray and MRI machines, as well as on machines used to help patients complete consent forms for required procedures. (1)

Once installed, the malware gathers information about the network, system, and language settings to determine whether the victim is a high-value target. If the victim is judged to be of interest, the malware copies itself aggressively across open network shares to infect other computers. It then continues to collect information about the victim's network, such as recently accessed computers, network adapters, available network shares, mapped drives, and computer files. (1, 2)
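The share-to-share spreading described above is the behaviour a defender can look for in share-access audit logs. What follows is an added example, not code from the Symantec report or from this article: a Python heuristic run over constructed sample lines modelled on Windows Security event 5140 ("A network share object was accessed"), flagging any source address that reaches shares on several distinct hosts within a short window. The flattened log format, host names, addresses and accounts are constructed, and the threshold and window are illustrative assumptions to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines loosely modelled on Windows Security event 5140
# ("A network share object was accessed"). All names, addresses and
# timestamps are invented for this example.
SAMPLE_EVENTS = r"""
2018-06-12T09:00:01 EventID=5140 Computer=IMG-XRAY01 SourceAddress=10.20.5.17 ShareName=\\*\ADMIN$ AccountName=svc_imaging
2018-06-12T09:00:04 EventID=5140 Computer=IMG-MRI02 SourceAddress=10.20.5.17 ShareName=\\*\C$ AccountName=svc_imaging
2018-06-12T09:00:09 EventID=4624 Computer=IMG-MRI02 SourceAddress=10.20.5.17 LogonType=3 AccountName=svc_imaging
2018-06-12T09:02:02 EventID=5140 Computer=KIOSK-CONSENT3 SourceAddress=10.20.5.17 ShareName=\\*\C$ AccountName=svc_imaging
2018-06-12T09:05:00 EventID=5140 Computer=FS-RADIOLOGY SourceAddress=10.20.7.3 ShareName=\\*\Scans AccountName=jdoe
2018-06-12T08:00:00 EventID=5140 Computer=WS-A SourceAddress=10.20.9.9 ShareName=\\*\C$ AccountName=helpdesk
2018-06-12T11:00:00 EventID=5140 Computer=WS-B SourceAddress=10.20.9.9 ShareName=\\*\C$ AccountName=helpdesk
2018-06-12T14:00:00 EventID=5140 Computer=WS-C SourceAddress=10.20.9.9 ShareName=\\*\C$ AccountName=helpdesk
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) EventID=5140 Computer=(?P<host>\S+) "
    r"SourceAddress=(?P<src>\S+) ShareName=(?P<share>\S+)"
)

def parse_share_events(text):
    """Return (timestamp, source, host, share) per 5140 line; other IDs are skipped."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
            events.append((ts, m["src"], m["host"], m["share"]))
    return events

def find_share_fanout(text, window_minutes=10, min_hosts=3):
    """Flag sources that reach >= min_hosts distinct hosts' shares within the window;
    returns {source: sorted hosts}. Repeat hits on one host count once."""
    window = timedelta(minutes=window_minutes)
    by_src = defaultdict(list)
    for ts, src, host, _share in parse_share_events(text):
        by_src[src].append((ts, host))
    flagged = {}
    for src, evs in by_src.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            # distinct hosts reached from this event to the end of the window
            hosts = {h for t, h in evs[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                flagged[src] = sorted(hosts)
                break
    return flagged
```

With the constructed data, only 10.20.5.17 is flagged: the helpdesk address also touches three hosts, but hours apart, so it stays below the window until the window is widened.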

To help prevent a potential attack, Symantec recommends that healthcare organizations follow basic security best practices, including:

  • Ensure the use of a firewall to block all incoming connections from the internet to services that should not be publicly available
  • Enforce a complex password policy
  • Ensure that staff are granted the lowest level of privilege needed to fulfill their job duties
  • Disable AutoPlay to prevent the automatic launching of executable files on network and removable drives
  • Turn off file sharing and all unnecessary services if not needed
  • Ensure software patches are current
  • Configure the email server to block suspicious file attachments
  • Isolate infected computers to reduce the spread of malware
  • Train employees on email security and how to deal with phishing emails
  • Turn off Bluetooth if not required for mobile devices
  • Do not accept any emails or attachments that are unsigned or sent from unknown sources (2)

Symantec also encourages these recommendations as a defense against other types of cyberattacks, including ransomware and PHI data theft. (2)