Patients’ medical information is considered highly confidential, and people wish to keep it private. Privacy is a priority for many people who wish to keep their symptoms and medical histories a secret from the outside world. However, cyber criminals have attempted to harvest medical information, and in other instances, hackers have initiated various cyber-attacks against hospitals.
For instance, a member of the Anonymous group launched DDoS attacks on hospitals. There have been instances when health care companies accidentally revealed patients’ diagnoses over emails. For instance, the Aetna insurance company has received criticism for sending letters in transparent envelopes, revealing that the recipient of the letter is battling HIV infection. Furthermore, you do not have to be a hacker to be interested in people’s medical records. Facebook had also designed a plan that would help it get access to medical information about its clients from the U.S. From people’s reactions, it is evident that users’ medical information is supposed to be well-guarded.
Orangeworm group attacks organizations from the healthcare sector and hopes to steal information about patients
Security researchers from Symantec have informed the world of a new attack group dubbed Orangeworm. It specifically targets the healthcare sector and uses the Kwampirs backdoor. The Orangeworm group had been before, and crooks from this clan were the ones installing the special backdoor named Trojan.Kwampirs. The group’s main targets include organizations that are closely related to the healthcare sector: healthcare providers, pharmaceutical companies, and IT specialists that work in the healthcare industry. Instead of focusing on one country or one continent, the hackers attack hospitals in the United States, Europe and Asia.
The reason for attacking the healthcare sector is easy to explain. The Orangeworm group is attempting to get access to sensitive medical information about patients. However, it is unknown whether the hackers were planning to ask for ransoms in exchange for keeping medical records away from the public eye, or whether they would just dump their findings onto the dark web for everyone to see. Back in 2017, a cosmetic surgery clinic received ransom demands. The Lithuania-based clinic faced a data breach, exposing its patients’ medical information.
The Orangeworm group definitely consists of professional hackers, and their actions are very well calculated. They do not aim to infect random people, and every one of their malicious attacks is executed with precise goals in mind. Nearly 40% of all victims were organizations from the healthcare sector. Attackers would secretly install the Kwampirs backdoor on machines, and then aim to get remote access to the compromised tools. Additionally, the malware could also be transmitted over a local network.
Kwampirs backdoor would be installed into targeted machines
Even though the main targets of the Orangeworm group are organizations working within the healthcare sector, it has initiated a fair share of attacks against other types of companies. Nevertheless, all of the attacks against other organizations have been carried out for one purpose: to get access to healthcare companies. The malicious activity of the Orangeworm hackers is said to have begun in 2015. According to Symantec:
“The Kwampirs malware was found on machines which had software installed for the use and control of high-tech imaging devices such as X-Ray and MRI machines. Additionally, Orangeworm was observed to have an interest in machines used to assist patients in completing consent forms for required procedures”.
Researchers have stated that the activity of the Orangeworm group is not that difficult to detect. The malicious execution of the attacks should be noticed by trained IT specialists. However, from the fact that the attacks went on for so long, it is easy to say that the healthcare sector is not prepared for the possibility of being hacked.