Skip to main content

Windows-powered medical scanners are being hit by health care hackers

Liz West / Flickr (Creative Commons)

Hackers have been targeting medical scanning equipment like X-ray and MRI machines for the past few years and some of them have been very successful. While the attacks raise the potential of the theft of personal patient medical data, they appear to be centered around learning how certain medical software operates, possibly as part of an industrial espionage campaign.

While much of the world’s PCs have today moved on to more modern and secure operating systems like Windows 10, old equipment like medical scanners can still be found using ancient legacy platforms like Windows 95. That’s been the case with a number of X-ray and MRI machines which have been targeted by a group known as Orangeworm, who over the past few years have infected more than 100 different health care organizations with malware.

Recommended Videos

A Symantec report on this problem shows that health care providers have been the biggest target for this kind of malware, with some 39 percent of the group’s attacks in recent years targeting that industry. Other common targets are IT and manufacturing, along with agriculture and logistics to a lesser extent. However, each of those targets has been part of the medical supply chain, suggesting a coordinated effort to understand the entire health care industry’s IT infrastructure.

What’s confusing the security professionals, however, is that the attacks don’t appear to have a clear purpose. While they seem to use phishing emails as an attack vector — a common method for many malware types — they don’t seem to share many characteristics with more traditional digital assaults. No data appears to have been stolen, no ransoms are being demanded, and the systems aren’t left running cryptominers.

That leaves security researchers like those at Symantec unsure about who is truly responsible. As PCMag points out, the lack of a clear goal may suggest state-sponsored hackers, but the fact that the attacks are relatively unsophisticated suggests otherwise.

Regardless though, Symantec and its contemporaries see this as a wake-up call for the health care industry to overhaul its digital security. While these attacks have so far been rather benign, there’s little stopping those responsible from returning with much more dangerous plans in mind. Malicious software could wipe patient records, steal information, or shut down much needed medical equipment, potentially putting lives at risk.

The general advice given, for now, is for institutions to update their systems where possible and, where not, to isolate them on smaller, localized networks so that they aren’t so easily accessed.

Jon Martindale
Jon Martindale is a freelance evergreen writer and occasional section coordinator, covering how to guides, best-of lists, and…
In the age of ChatGPT, Macs are under malware assault
A person using a laptop with a set of code seen on the display.

It's common knowledge -- Macs are less prone to malware than their Windows counterparts. That still holds true today, but the rise of ChatGPT and other AI tools is challenging the status quo, with even the FBI warning of its far-reaching implications for cybersecurity.

That may be why software developer Macpaw launched its own cybersecurity division -- dubbed Moonlock -- specifically to fight Mac malware. We spoke to Oleg Stukalenko, Lead Product Manager at Moonlock, to find out whether Mac malware is on the rise, and if ChatGPT could give hackers a massive advantage over everyday users.
State-sponsored attacks

Read more
This PowerPoint ploy could help hackers empty your bank account
A hacker typing on an Apple MacBook laptop, which shows code on its screen.

 

With various cybersecurity threats on a constant rise, it certainly feels like dangerous malware is around every corner. This time, it found its way into PowerPoint presentations disguised as helpful guides on how to protect yourself against phishing. The irony of it all is strong, but the worst part is that this malware could help attackers empty your bank account.

Read more
Hackers are using AI to create vicious malware, says FBI
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

The FBI has warned that hackers are running wild with generative artificial intelligence (AI) tools like ChatGPT, quickly creating malicious code and launching cybercrime sprees that would have taken far more effort in the past.

The FBI detailed its concerns on a call with journalists and explained that AI chatbots have fuelled all kinds of illicit activity, from scammers and fraudsters perfecting their techniques to terrorists consulting the tools on how to launch more damaging chemical attacks.

Read more