Hackers Go After X-Ray, MRI Machines for Corporate Espionage

A mysterious hacking grouping has been spying on the healthcare sector by going as far to infect computers that control Ten-ray and MRI machines with malware.

Fortunately, sabotage and patient data collection doesn't appear to exist a motive behind the hacking. The attackers were probably focused on corporate espionage and studying how the medical software onboard the computers worked, the security firm Symantec said on Monday.

Over the past iii years, the hacking grouping Orangeworm has been secretly delivering the Windows-based malware to virtually 100 different organizations, said Jon DiMaggio, a security researcher at Symantec. The biggest number of victims, at 17 percent, accept been based in the US.

The hackers have been peculiarly interested in legacy Windows XP systems, which can end up controlling new medical equipment including Ten-ray and MRI machines, he said. The malware used was capable of taking remote control over a calculator, and spreading itself over a network.

Evidence shows that the hackers were focused on collecting information about the infected computers and their networks. DiMaggio speculates this may take been done to larn how to pirate the medical software onboard.

Information technology isn't clear how the malware was delivered, merely Symantec suspects phishing emails were probably used.

Orangeworm

Although what Orangeworm wanted isn't fully known, the grouping has been targeting the entire healthcare supply chain. The victims accept included healthcare providers, medical equipment manufacturers, It organizations that offer support services, and logistic companies that evangelize the products to clients. For instance, an infection at a pharmaceutical software vendor that prints labels on bottles was what sparked Symantec's investigation into the hacks.

However, Symantec is refraining from blaming the spying on state-sponsored cyberspies. One big reason is because the hacking has been "noisy" and easy for security researchers to spot —a trait that doesn't match with sophisticated authorities hackers. Instead, it's more likely that Orangeworm is a corporate entity or hackers-for-hire, DiMaggio said.

Symantec has worked with the victims to clean up the infections, but the whole incident underscores how vulnerable any system can exist. Imagine if the hackers had installed memory-wiping malware on the computers, DiMaggio said.

"This is sort of a wakeup call. Information technology could be much worse next fourth dimension," he added.

DiMaggio encourages businesses to patch legacy systems when possible and to carve up corporate networks into smaller, securer subnetworks in what's called "network division" then that they can protect themselves from futurity attacks.