X-ray, MRI machines hacked by cybercriminals
Australian healthcare providers are being urged to assess their cybersecurity after a new group of hackers was found attacking entire supply chains for X-ray and MRI machines overseas.
This week cybersecurity software company Symantec announced the discovery of the group, dubbed Orangeworm and traced it back to 2015.
The hackers, focused largely on the US but also with a footprint in Asia and Europe, use Trojan.Kwampirs malware to gain remote access to compromised computers within large international corporations.
“This is not indicative that Australia is immune,” Symantec chief technology officer Nick Savvides told AAP.
Almost 40 per cent of the known victims operate within the healthcare industry while the hackers’ secondary targets include IT support services for medical clinics and manufacturers producing imaging equipment.
The backdoor trojan was found on machines housing software to help use and control X-ray and MRI scanners.
Mr Savvides said it was likely for the purpose of corporate espionage, adding that affected organisations cannot be publicly named.
“Those attacks tell me these guys are after information around those systems and around the way these healthcare systems are put together,” he said.
“That’s pretty scary because they’re either using that information to build different types of systems or to collect that information, bundle that on and sell it.
“We don’t really know what the motivation is yet. They could have been setting up for a bigger attack.”
Mr Savvides said healthcare is a “huge sector for attack” due to old hospital equipment, public networks and the value of patient information on the black market, which can sell up to 25 times more than normal identity data.
“You can use a lot of that information to falsify things like prescriptions, insurance rebates and whatnot,” he said.
“It highlights to consumers that their information can and will be lost and they need to have a plan on how to deal with that.”
The onus of cybersecurity falls on corporations of all sizes, including small medical surgeries without “an IT guy” that may rely on the “local computer shop” to manage their private operating systems, Mr Savvides said.
“If you’re an attacker, they’re the ones you want to go after,” he said.
“It’s people that are the last line of defence, they’re the ones that are falling victim to something, they’re following a link, or running a piece of software.
“The user is tricked into doing something that then gives the bad guys a foothold.”
Symantec believes the attacks are the work of an individual or small group, rather than a state-sponsored sector, although there are currently no technical or operational indicators of Orangeworm’s origin.