Medic! Orangeworm malware targets hospitals worldwide

If there's one thing security vendors love it's a catchily-named piece of malware to whip up fervor over, and boy is it a good day to be Symantec. The company on Monday introduced the world to Orangeworm, a particularly nasty hacking operation that has been mainly attacking companies in the healthcare field. The operation is …

  1. IglooDude

    They should stick some credit card info on the ROM of every medical scanning machine, to bring everything into scope for PCI auditing; I daresay those old Winboxen would get upgraded or airgapped much more expeditiously.

    1. c1ue

      It isn't clear that "upgrades" are that easy. For example: if the XP machine is the interface to a 10 year old MID (medical imaging device, i.e. X ray, CAT Scan, MRI), the XP machine may be literally the only way to access data coming out of the MID.

      Upgrading it might even require a recertification of the MID under US Food and Drug Administration rules.

      1. Doctor Syntax Silver badge

        "Upgrading it might even require a recertification of the MID under US Food and Drug Administration rules."

        It's amazing how often this has to be pointed out.

        1. Korev Silver badge

          I have no idea why you're both getting downvotes for bringing up the regulatory requirements that make supporting these kinds of systems somewhat more difficult...

          1. Anonymous Coward

            They'll just reply to make the cost of noncompliance higher than the replacement cost of the machine. If that doesn't spur them, they don't deserve to stay in operation.

      2. herman

        "It isn't clear that "upgrades" are that easy. For example: if the XP machine is the interface to a 10 year old MID (medical imaging device, i.e. X ray, CAT Scan, MRI), the XP machine may be literally the only way to access data coming out of the MID." - That is one of the things that virtual machines are good for. You can run XP with the network interface disabled, configured to store all data on the host file system and be pretty safe against malware.

        1. Charles 9

          " That is one of the things that virtual machines are good for."

          OTOH, custom hardware tends to be a strike AGAINST virtualization. You can't virtualize what you don't know.

          1. DNTP

            If I had a nickel for every time someone said "why can't we replace this broken PC/run it off a virtual machine", I'd be able to replace every spectrometer in the lab.

            Worst case: The physical board inside the PC dates from 1992, uses a completely proprietary connector to the instrument itself, was only ever made by the OEM, was discontinued in 1993, has six soldered connections to the PC's motherboard, and there are no drivers available for anything later than Win XP (which are just buggy ports of the Win95 drivers anyway).

            Best case: Replacing a PC yourself would invalidate the support contract on the instrument that costs $17,000 per annum, and the software license isn't transferable between computers anyway.

            Please, please stop telling me "PCs are generic/Virtual machine everything." I know how to do those things; if it could be done, I would have done it already; the older and more expensive the instrument the more obstacles it has to simple PC swapping.

      3. CrazyOldCatMan Silver badge

        if the XP machine is the interface to a 10 year old MID (medical imaging device, i.e. X ray, CAT Scan, MRI), the XP machine may be literally the only way to access data coming out of the MID

        It also holds for bits of equipment like electron microscopes - we have some that, even though they are old, are perfectly suited for what we need. And replacing them would use up our capital budget for the next five years.

        So they stay, even though the software that drives them only works with Windows XP. Those machines are on a segregated VLAN with no access to the live network and only carefully-selected USB sticks are allowed to be plugged in.

  2. Prst. V.Jeltz Silver badge

    This, Symantec says, could simply be a reflection on the state of IT in healthcare.

    So it targets healthcare or not?

    I thought the story was that some ransomware scumbags had surpassed themselves and done something so evil - to actually target machines that people's lives depend on.

    Then Symantec says "it might not be deliberately targeted, it's just that healthcare IT is the dirtiest around and picks up all kinds of germs all the time", so to speak.

    1. Anonymous Coward

      Having seen the state of IT security in health care up close (and personal), it really is an easy target. This might also explain the prevalence of manufacturing firms in the infected list as that's the other low-hanging fruit, even if unintentional. Their systems are ancient, too.

    2. Destroy All Monsters Silver badge

      It's IT by headlines, we will never know.

  3. Anonymous Coward

    Ghost in Shell Man-Machine Interface

    Researchers believe the malware is looking to get into sensitive medical information in carefully selected targets, though they aren't sure exactly what the ultimate aim of Orangeworm is.

    ... prime directive?

    > Find The Skripal

  4. Tim99 Silver badge

    Windows

    I have seen several specialist manufacturers move their instrument control software away from Windows; these instruments now have their own custom software and act as web servers. Windows is now only used by the manufacturer to manipulate and display captured data.

    1. DNTP

      Re: Windows

      Or they include a *nix box that can be networked to many instruments, that locally serves browser pages to users. I like this approach better than the 'one instrument, one PC'. You don't need to screw around with trying to teach Linux to people who barely can handle Win7, and it's easier for the admin (or support engineer) to maintain remotely.

      1. Tim99 Silver badge

        Re: Windows

        Have an upvote. I'd agree that could be a good way to go, and that was how some equipment I used in the late 1970s worked. When IBM PCs running DOS came out, almost all manufacturers switched to them within a few years. The relative cost was <$5K compared with $20K-$50K, which was a significant chunk of the systems' $100K-$1M+ cost. I linked a lot of them with MS/IBM PC-LAN networking or Netware, sometimes talking to central minicomputers.

        The new stuff that I have seen costs >$20K (sometimes >$400K) and they have their own built-in high-res touch-tablet type screens with their own CPU (ARM?) and memory; upgrades are normally loaded from a USB stick. The user follows friendly on-screen prompts to set up and operate the instrument. The instrument has its own IP address, and a number of instruments can send data to one or more Windows PCs for processing.

  5. Anonymous Coward

    Orangeworm malware?

    Why am I immediately thinking about the White House?

    1. Chris G

      Re: Orangeworm malware?

      The President's got worms?

      I wouldn't be surprised if the malware was found to originate from health insurance companies, especially considering it is going after form filling software.

      They are figuring out the best way to complicate forms so that they can refuse payout because 'You didn't answer this question correctly.'

      1. Doctor Syntax Silver badge

        Re: Orangeworm malware?

        "The President's got worms?"

        Or the other way around?

      2. Anonymous Coward

        Re: Orangeworm malware?

        I spent a year working a temporary job at the Veterans Administration hospital, responsible for all the medical coding which went on to the medical billing section there and guess what? I can't fill them out correctly either. Oh, and they are always looking for me to add another billing provider. Bad enough the ping-pong I'm going through with the hospital and the ambulance companies, toss in another provider into the mix? Yikes!

  6. Patched Out

    Say what?

    "The attack is believed to have been operational since at least January, 2015"

    "If there is one bit of good news, it's that Orangeworm and its Kwampirs trojan are not particularly discreet. The malware tends to perform easy-to-detect activities, such as pinging a long list of command and control systems and trying to copy itself over network shares, once infected."

    So, if it is so easy to detect, why are we just now hearing about it over 3 years since it has been operational?
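The quoted passage describes two behaviours that are noisy on a network: one host working through a long list of command and control addresses, and the same host writing a copy of itself into shares on many peers. The following is an added example, not code from the article, the thread or Symantec, of how a defender could turn those two descriptions into host-level detections. The log formats, the field order, the thresholds and every IP address, share name and file name are constructed for illustration; adapt the two parsers to your own firewall and SMB audit telemetry.

```python
"""Added example (not from the article or thread): two coarse detections for
a host beaconing to many distinct destinations and a host copying a binary
into administrative shares on several peers. All formats and values are
constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed perimeter firewall lines: "<ISO time> <src> -> <dst>:<port> <verdict>"
FIREWALL_LOG = """\
2015-01-12T08:00:01 10.1.20.15 -> 203.0.113.10:443 DENY
2015-01-12T08:00:03 10.1.20.15 -> 203.0.113.11:443 DENY
2015-01-12T08:00:05 10.1.20.15 -> 203.0.113.12:443 DENY
2015-01-12T08:00:07 10.1.20.15 -> 203.0.113.13:443 DENY
2015-01-12T08:00:09 10.1.20.15 -> 203.0.113.14:443 DENY
2015-01-12T08:00:11 10.1.20.15 -> 203.0.113.15:443 DENY
2015-01-12T08:00:13 10.1.20.15 -> 203.0.113.16:443 DENY
2015-01-12T08:00:15 10.1.20.15 -> 203.0.113.17:443 ALLOW
2015-01-12T08:01:00 10.1.20.22 -> 198.51.100.5:443 ALLOW
2015-01-12T08:02:00 10.1.20.22 -> 198.51.100.5:443 ALLOW
"""

# Constructed SMB audit lines: "<ISO time> <src> <dst> <share> <op> <path>"
SMB_LOG = """\
2015-01-12T08:05:00 10.1.20.15 10.1.20.31 ADMIN$ WRITE system32\\svc.exe
2015-01-12T08:05:02 10.1.20.15 10.1.20.32 ADMIN$ WRITE system32\\svc.exe
2015-01-12T08:05:04 10.1.20.15 10.1.20.33 C$ WRITE Windows\\svc.exe
2015-01-12T08:06:00 10.1.20.22 10.1.20.40 Reports WRITE q1\\summary.xlsx
"""

ADMIN_SHARES = {"ADMIN$", "C$", "D$"}   # assumed list of administrative shares
EXEC_EXT = (".exe", ".dll", ".sys")     # file types worth alerting on


def parse_firewall(text):
    """Yield (time, src, dst) from the constructed firewall format."""
    for line in text.splitlines():
        ts, src, _arrow, dst_port, _verdict = line.split()
        yield datetime.fromisoformat(ts), src, dst_port.rsplit(":", 1)[0]


def detect_fanout(events, window=timedelta(minutes=10), threshold=8):
    """Return {src: distinct destination count} for hosts reaching at least
    `threshold` distinct destinations inside any sliding span of `window`.
    A host cycling through a hard-coded C2 list looks like this; a user
    hitting one site repeatedly does not."""
    per_src = defaultdict(list)
    for ts, src, dst in events:
        per_src[src].append((ts, dst))
    hits = {}
    for src, seen in per_src.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1
            distinct = {dst for _, dst in seen[start:end + 1]}
            if len(distinct) >= threshold:
                hits[src] = max(hits.get(src, 0), len(distinct))
    return hits


def parse_smb(text):
    """Yield (src, dst, share, op, path) from the constructed SMB format."""
    for line in text.splitlines():
        _ts, src, dst, share, op, path = line.split(maxsplit=5)
        yield src, dst, share, op, path


def detect_share_copy(events, min_hosts=3):
    """Return {src: set of dst} for hosts that write an executable into an
    administrative share on at least `min_hosts` distinct peers, the
    footprint of something copying itself across the network."""
    targets = defaultdict(set)
    for src, dst, share, op, path in events:
        if op == "WRITE" and share in ADMIN_SHARES and path.lower().endswith(EXEC_EXT):
            targets[src].add(dst)
    return {src: dsts for src, dsts in targets.items() if len(dsts) >= min_hosts}


if __name__ == "__main__":
    print("fan-out:", detect_fanout(parse_firewall(FIREWALL_LOG)))
    print("share copy:", detect_share_copy(parse_smb(SMB_LOG)))
```

Both heuristics rely on telemetry that an organisation has to be collecting in the first place: outbound denies at the perimeter and write auditing on administrative shares. The commenter's question above is a fair one, and the usual answer is that "easy to detect" presumes someone is looking at those logs at all.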

  7. Anonymous Coward

    17 per cent is not "most"

    The article states:

    "The attack [...] claims most of its victims (17 per cent) in the US [...]"

    "Most" would generally be considered "more than half". I think what's meant here is "the largest fraction by country".

    1. Charles 9

      Re: 17 per cent is not "most"

      No, "most" is defined by the dictionary as "more than anything else." Pluralities fulfill this definition as well as majorities (which is why you need to be specific if you seek a majority).

  8. Anonymous Coward

    Security

    When I started my current job with a Healthcare Company (hospital and clinic owner), I found my system's servers hadn't been patched for three years. When a major clinical system went down, we found out that they hadn't been performing backups either.

    I'd like to think that isn't typical.

    PS: Those things are happening as they should now, and being verified.

    1. Anonymous Coward

      Re: Security

      I remember checking the backups of a server when I started a new job and although the backup had been running perfectly for over a year it was suspiciously quick.

      Turned out they'd scheduled the job, named it, added tapes to rotation, etc., which they were changing daily, but hadn't actually selected any data to back up.

      1. herman

        Re: Security

        "hadn't actually selected any data to back up" - I am unable to select any decent response to that one.
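The two comments above describe the same failure from both ends: a job that reports success every night while backing up nothing, and nobody noticing because the report said "success". The following is an added example, not code from the thread or from any backup product, of a check that reads job summaries and flags exactly that case, plus a run that finishes far quicker than the job's own typical duration. The CSV layout, the column names, the job names and the sample figures are constructed for illustration; real backup software exposes equivalent fields through its reports or API.

```python
"""Added example (not from the thread or any vendor): audit backup-job
summaries for runs that "succeeded" without backing anything up, or that
ran suspiciously fast compared with the same job's usual duration.
Record format, column names and values are constructed for illustration."""
import csv
import io
from statistics import median

# Constructed job summaries, one row per nightly run
JOB_LOG = """\
job,date,status,files_selected,bytes_written,duration_s
fileserver-daily,2018-04-20,SUCCESS,0,0,3
fileserver-daily,2018-04-21,SUCCESS,0,0,2
fileserver-daily,2018-04-22,SUCCESS,0,0,3
clinical-db,2018-04-20,SUCCESS,412,85899345920,5400
clinical-db,2018-04-21,SUCCESS,415,86301562880,5520
clinical-db,2018-04-22,SUCCESS,416,86402234368,420
mailstore,2018-04-22,FAILED,0,0,1
"""


def load_jobs(text):
    """Parse the constructed CSV into dicts with numeric fields converted."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["files_selected"] = int(row["files_selected"])
        row["bytes_written"] = int(row["bytes_written"])
        row["duration_s"] = int(row["duration_s"])
        rows.append(row)
    return rows


def audit_jobs(rows, quick_ratio=0.25):
    """Return a list of (job, date, reason) findings.
    - a SUCCESS with no files selected or no bytes written is an empty job
    - a SUCCESS far quicker than that job's own median run is suspicious
    - a FAILED run is reported as-is so it is not silently ignored"""
    findings = []
    by_job = {}
    for r in rows:
        by_job.setdefault(r["job"], []).append(r)
    for job, runs in by_job.items():
        # Baseline only from runs that actually wrote data; the median is
        # robust to the odd outlier we are trying to catch.
        ok = [r for r in runs if r["status"] == "SUCCESS" and r["bytes_written"] > 0]
        baseline = median(r["duration_s"] for r in ok) if ok else None
        for r in runs:
            if r["status"] != "SUCCESS":
                findings.append((job, r["date"], "run failed"))
            elif r["files_selected"] == 0 or r["bytes_written"] == 0:
                findings.append((job, r["date"], "succeeded but backed up nothing"))
            elif baseline and r["duration_s"] < quick_ratio * baseline:
                findings.append((job, r["date"], "succeeded but suspiciously quick"))
    return findings


if __name__ == "__main__":
    for job, date, reason in audit_jobs(load_jobs(JOB_LOG)):
        print(f"{date} {job}: {reason}")
```

A check like this catches the misconfiguration before anyone needs the tapes, but it only inspects what the backup software claims about itself. The actual verification the first commenter mentions is a periodic restore of real data to a scratch system; treat the audit as the cheap daily filter and the restore test as the proof.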

  9. sanmigueelbeer

    Researchers believe the malware is looking to get into sensitive medical information in carefully selected targets, though they aren't sure exactly what the ultimate aim of Orangeworm is.

    A "box" is easy to copy/reverse engineer, however, one needs the code to get things running. Maybe this is to "siphon" OS codes and send it to some country who specializes in copying someone's product and marketing it at a fraction of the cost?

  10. Anonymous Coward

    Laws making the death penalty mandatory for anyone deliberately or accidentally infecting equipment in the health industry with malware, and for those who wrote the malware, might save us a lot of grief in the future. Same for infecting anything in the military.

    Yeah, that might be harsh, but they are playing with nukes, not matches.

    1. Charles 9

      Law of Unintended Consequences. If they feel they're going for broke, they may just decide to USE them if they're cornered. You want a Three-Striker with access to a nuke?
