Symantec has identified a hacker group dubbed Orangeworm that has been targeting the healthcare sector in several countries since 2015.
According to the cyber security vendor, Orangeworm has been installing a custom backdoor called Trojan.Kwampirs within large international organisations with operations in the US, Europe and Asia.
Trojan.Kwampirs is a Trojan horse able to open a backdoor on a computer and may also download malicious files. It was first discovered in August 2016 and affects Windows systems.
According to Symantec, the backdoor can collect basic network adapter information, system version information, and language settings. Once a possible victim is identified Orangeworm copies the backdoor available network shares and infect other computers.
Targeted attacks identified also affected related industries including healthcare providers, pharmaceuticals, IT solution providers for healthcare and equipment manufacturers that serve the healthcare industry.
Orangeworm does not seem to operate randomly, instead it picks its victims carefully, found Symantec based on the list of known victims.
Of the confirmed affected organisations, healthcare accounts for 39 per cent of the attacks and IT and manufacturing with 15 per cent each.
"The Kwampirs malware was found on machines which had software installed for the use and control of high-tech imaging devices such as X-Ray and MRI machines," Symantec's security response attack investigation team said in a blog post.
"Additionally, Orangeworm was observed to have an interest in machines used to assist patients in completing consent forms for required procedures" it said.
Symantec said that the motives behind the attacks is unclear, however they are likely to be of corporate espionage nature.
Orangeworm has affected organisations in several countries across the Americas, Europe and Asia but there was only a "small" number of organisations in 2016 and 2017.
Locally, Symantec is yet to confirm if any Australian organisations were affected, however if any the number is likely to be small as the US appears to have been the focus.
"I don't think that it is because Australia isn't vulnerable we just were not targeted by this particular group," Symantec Asia Pacific and Japan CTO, Nick Savvides, said.
According to Savvides, healthcare data can sell in the black market for between US$25 and US$40 per record, while an email address sells for cents.
Savvides explained that this happens due to the information contained within medical records which are generally very rich in PII (personally identifiable information) data and also has financial data associated with it.
The first quarterly Notifiable Data Breaches (NDB) report, published by the Office of the Australian Information Commissioner (OAIC), revealed that health services providers were the highest ranking in breaches reported with 24 per cent.
A total of 63 notifications were received with 33 per cent of all data breaches received were reported to involve people's health information.
