Hospitals and Healthcare Clinics are under cyber attack – are you prepared?
There has been a major increase in healthcare attacks over the last year, and the level of sophistication is increasing with each incident. From Orangeworm’s targeted attack on MRI machines, where the Trojan collects information about the host system, to the recently documented vulnerabilities in Philips CT scanners, which an attacker could exploit to steal protected health information (PHI) and other sensitive data files, there is no denying that cyber attacks in the healthcare industry are on the rise.
“Orangeworm” is the name for the group responsible for many healthcare cyber attacks since 2015. One of their most recent exploits is a Trojan campaign known as the Kwampirs backdoor. This exploit has been observed targeting X-Ray machines, MRIs, and machines that help patients complete their consent forms.
Once executed, the Kwampirs backdoor allows Orangeworm to evaluate whether a compromised system belongs to a high-value target and to spread the infection to other computers, collecting massive amounts of information about the victim’s network. Older or out-of-date operating systems like Windows XP are susceptible to Orangeworm’s attacks. This is a known problem for the healthcare sector, in which many hospitals and practitioners rely on legacy systems.
Philips Brilliance CT Scanners
The vulnerability found in the Philips Brilliance CT scanners has not yet been exploited, according to Philips. The potential exploit results from the device prompting a Windows operating system to boot with elevated privileges, possibly granting threat actors access to confidential resources or compromised credentials.
The CT scanners are among many medical devices that contain hard-coded credentials, which can be easy to guess and lead to widespread access in an interconnected system. While Philips has advised customers to upgrade its Brilliance iCT software, its advice still includes the implementation of “a comprehensive, multi-layered security strategy to protect systems from internal and external threats.”
Are you aware of these core elements that are part of every hospital/clinic cybersecurity program?
Do you know the primary cyber threats and do you have threat intelligence specific to your hospital or clinic?
Most cyber-attacks target specific technologies (think operating systems or web applications). Knowing what technologies are present helps in understanding the severity of recent attacks. Additionally, healthcare is now being seen as a “target rich environment” and there is a growing list of indicators that could potentially signal a future attack.
Is any of your patient information being sold on the dark web?
A typical news report describes the cyber attack and how many records were potentially accessed or taken. But for an attacker, that is only the first step. The next step is to monetize the ill-gotten data by selling the privacy or health related information on what is known as the “dark web.” This is essentially a non-attributable, online black market to buy and sell information.
Is your social media being exploited with impersonation/fraud attempts?
As enterprises become more adept at protecting their network perimeters and web applications, while enhancing their protections against phishing, cyber attackers have recently turned their attention to a relatively susceptible venue: social media. Examples of impersonation and fraud are accounts that claim to be a healthcare provider’s call center (to obtain login credentials), or even the billing department (to obtain bank or credit card details).
Are you aware of the ongoing attacks on medical devices and do you have methods that might mitigate this activity?
Medical devices fall under the Internet of Things (IoT) category. Information technology has historically gotten smaller, faster, and more powerful as time progresses. This has led to the IoT market explosion in the last few years. Particularly troublesome for healthcare, these IoT devices are critical on many levels (patient, provider, and vitals monitoring). The healthcare industry has remained comfortable in the knowledge that there hasn’t yet been a lethal or catastrophic event. And while that is still true, Orangeworm has shown that the interest and ability are starting to become realized.
Turn to Evolver
Evolver is currently providing support in all of these areas and welcomes the opportunity to discuss how we can help your hospital or clinic. Regardless of the size of your hospital or clinic, or setting, urban or rural, we are here to help with:
- Risk Assessments
- Cyber Risk Quantification
- Threat Intelligence
- Social Media Monitoring
- Medical Device Security
- SOC Audits
- Security Operations
- CISO Support
- Regulation Readiness