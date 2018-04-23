New Attack Group Orangeworm Targets Healthcare Sector in US, Asia, and Europe: Symantec (symantec.com) 9
Security researchers at Symantec say a group of hackers has been targeting firms related to health care in order to steal intellectual property. The security firm observed a hacking team, called Orangeworm, compromise the systems of pharmaceutical firms, medical-device manufacturers, health-care providers, and even IT companies working with medical organizations in the US, Europe, and Asia markets. Victims don't appear to have been chosen at random but "carefully and deliberately." You can read the full report here.
Maybe I've just grown cynical from recent history, but my first reaction to this headline was: "I wonder what angle the pharmaceutical companies are trying to push here."
My second thought is: If you spent half as much on security as you do on advertising, this story would never have happened.
They just want to steal the secret contact lists so they can set up robo dialers to offer their own brand of health insurance.
This has been largely reported to impact x-ray and MRI machines. Hospitals can help to mitigate this by deploying medical devices securely such as by following the guidance contained in the OWASP Secure Medical Device Deployment Standard - https://www.owasp.org/images/c/c3/SecureMedicalDeviceDeployment.pdf
