April sees emergence of new threat groups, and cryptocurrency is king

The latest HIMSS cross-sector threat report outlines the growing use of cryptomining software to line the pockets of hackers, and the need for healthcare organizations to be more proactive.
By Jessica Davis
02:39 PM

Sophisticated threat actors and vulnerabilities in legacy systems dominated healthcare cybersecurity issues in April, serving as a reminder that organizations need to be more proactive.

But the most prevalent theme in this month’s HIMSS Healthcare and Cross-Sector Cybersecurity report is “my other computer is your computer,” or the surge in cryptomining software in the industry. Researchers found that the number of cybercriminals using this software has increased significantly, while ransomware is in decline.

Cryptominers use a computer’s resources to mine bitcoin in the background, with the proceeds directed to the hacker. A Tennessee-based hospital’s EHR became the first cryptocurrency mining victim in the healthcare sector in November, when a hacker remotely installed the mining software onto its vendor’s software.

“Cryptomining does just that – my other computer is your computer,” said Lee Kim, director of privacy and security for HIMSS North America. “Or, if you can do command injection or remote command execution on a machine, well, my other computer is your computer.”

“Medical devices can be hacked (yes), but it can be a bit more complex,” Kim added. “Being willfully blind will not make the problem go away. We need to take control of our systems and information before someone else does. Is it your computer or mine?”

The report also highlights the emergence of the hacking group known as OrangeWorm, which has targeted the healthcare sector and its associated vendors. The group targets legacy technology, running Kwampirs malware in the background to perform espionage.

If the malware finds something of value on a network, it replicates and spreads across that network.

So far, no organization has come forward as a victim of OrangeWorm, but Symantec has seen Kwampirs in the wild, installed on MRI and X-ray machines. To Kim, however, the group poses a potential threat of supply chain attacks that may “have us fall like dominos.”

While she couldn’t say whether the group would be capable of bringing fears over medical device flaws to reality, Kim said it would depend on OrangeWorm’s “intent and purpose: flexing the muscle or going beyond that – that’s the question.”

At the end of the day, “healthcare organizations will be pwned unless they become much more proactive,” said Kim. “The culture of cybersecurity needs to change (and increase in budgets too!).”

“Innovation paves the way for good and evil,” she continued. “Bad actors will look for an effective way to get in with the least amount of effort and time to yield the biggest profit or achieve their intended purpose (even if it’s monetary).”


Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com
