April sees emergence of new threat groups, and cryptocurrency is king

Sophisticated threat actors and vulnerabilities in legacy systems dominated healthcare cybersecurity issues in April, serving as a reminder that organizations need to be more proactive.

But the most prevailing theme from this month’s HIMSS Healthcare and Cross-Sector Cybersecurity report is “my other computer is your computer,” or the surge in cryptomining software in the industry. Researchers found that cybercriminals using this virus have significantly increased, while ransomware is in decline.

Cryptominers use a computer’s resource to mine bitcoin in the background to be directed to the hacker. A Tennessee-based hospital’s EHR became the first cryptocurrency mining victim in the healthcare sector in November, when a hacker remotely installed the software onto its vendor’s software.

“Cryptomining does just that – my other computer is your computer,” said Lee Kim, director of privacy and security for HIMSS North America. “Or, if you can do command injection or remote command execution on a machine, well, my other computer is your computer.”

“Medical devices can be hacked (yes), but it can be a bit more complex,” Kim added. “Being willfully blind will not make the problem go away. We need to take control of our systems and information before someone else does. Is it your computer or mine?”

The report also highlights the emergence of the hacking group known as OrangeWorm, who have targeted the healthcare sector and its associated vendors. The group targets legacy technology to run Kwampirs malware in the background to perform espionage.

If it finds something good on a network, it replicates and proliferates across the network.

So far, no organizations have come forward as a victim of OrangeWorm, but Symantec has seen Kwampirs in the wild, installed on MRI and X-Ray machines. But to Kim, the group poses a potential threat to supply chain attacks, that may “have us fall like dominos.”

While she couldn’t say whether the group would be capable of bringing fears over medical device flaws to reality, Kim said it would depend on OrangeWorm’s “intent and purpose: flexing the muscle or going beyond that – that’s the question.”

At the end of the day, “healthcare organizations will be pwned unless they become much more proactive,” said Kim. “The culture of cybersecurity needs to change (and increase in budgets too!).”

“Innovation paves the way for good and evil,” she continued. “Bad actors will look for an effective way to get in with the least amount of effort and time to yield the biggest profit or achieve their intended purpose (even if it’s monetary).”

Twitter: @JessieFDavis
Email the writer: [email protected]

Source: Read Full Article