New hacker group targets US health-care industry, researchers say

New hacker group targets US health-care industry, researchers say
© Getty Images

A new hacking group has been spying on health-care organizations in the United States and across the globe likely for commercial purposes, according to cybersecurity firm Symantec.

The group, which Symantec has named “Orangeworm,” has been installing backdoors in large international corporations based in the U.S., Europe and Asia that operate in the health-care sector.

Among its victims are health-care providers and pharmaceutical companies, as well as IT companies and equipment manufacturers that work for health organizations.


Health-care organizations have in recent years emerged as a prime target for cyber criminals, including those looking to deploy ransomware in order to generate a profit. 

Symantec suspects that the Orangeworm hackers are breaching these organizations likely to carry out corporate espionage, such as the theft of trade secrets. The cyber firm found no evidence that the group is operating on behalf of a nation-state.

“Based on the list of known victims, Orangeworm does not select its targets randomly or conduct opportunistic hacking,” Symantec said in a report published Monday. “Rather, the group appears to choose its targets carefully and deliberately, conducting a good amount of planning before launching an attack.”

The hackers, which have been active since early 2015, infiltrate networks of their victims and install malware that allows them remote access to the compromised machine. 

Researchers discovered malware on machines involved in high-tech imaging, such as MRI machines and X-ray machines. They also found malware on machines used by patients to complete consent forms for medical procedures.