Hacker group’s activity first picked up by Symantec cybersecurity.

When patients think of cutting-edge medical innovation, things like the Leonardo camera-guided robotic surgery come to mind, or the ability to send a capsule-sized camera through the digestive tract to diagnose potentially life-threatening medical conditions. Most people probably aren’t envisioning diagnostic equipment that’s still running Windows XP and is therefore highly vulnerable to cyberattacks.

Symantec first noticed the activity of a hacker group called Orangeworm in 2016, but the group’s standard method, exploiting backdoors to install the same malware, is on the rise. Of its recent targets, found in more than 20 countries, 40% of the businesses hit were in the medical industry. This is largely possible because equipment like X-ray machines, MRI scanners, and other installed high-dollar diagnostic tools is often still running older operating systems that don’t have the capability to recognize and fend off some newer threats.

New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia



Orangeworm seems to be on the lower end of the sophistication spectrum. Reportedly not a state-sponsored group, they’re also not sloppily casting a wide net and hoping to land on something useful and vulnerable. Rather, there seems to be intention in what they’re doing and who they’re targeting, which speaks to a broader concern for many industries: if you have mission-critical technology in place that cannot simply be recycled at Geek Squad and upgraded every time something newer comes to market, you may already be in a hacker’s crosshairs.


A hospital cannot simply haul off its entire radiology wing and replace it with newer equipment, nor can it shut down all operations for a week while it installs the new network and trains staff members on it. That very scenario has left the medical field vulnerable for some time, and could explain the rampant rise in ransomware attacks launched in just the past few years. The healthcare industry needs a better way to upgrade and keep up, one that will not disrupt the vital work it does.
