‘Orangeworm’ the new superworm hacking group that’s targeting healthcare

Hacking activity targeting the healthcare sector continues to rise.  New security research just released by Symantec has identified a global hacking group called ‘Orangeworm’.  Though its targeted victims accounted for a small number of organisations in 2016 and 2017 (mostly in the USA and Asia), some were identified as being based in Europe.  Analysis by industry has revealed that the healthcare sector is Orangeworm’s primary target, with 39% of hacking outcomes manifesting themselves in this data rich sector which includes hospitals and pharmacies.

Symantec said, “Based on the list of known victims, Orangeworm does not select its targets randomly or conduct opportunistic hacking. Rather, the group appears to choose its targets carefully and deliberately, conducting a good amount of planning before launching an attack”.

Orangeworm’s wormable trojan, named ‘Kwampirs’ is able to vet the data to determine if the computer is used for research, or contains high value data targets eg. patient information.  The Kwampirs then create a backdoor on compromised computers, enabling the hackers to remotely access equipment and steal sensitive data – and Orangeworm survives reboots.

The trojan worm has a penchant for machine software on critical hospital equipment which includes kit like x-ray machines and MRI scanners, as well as machines used to assist patients in completing consent forms.  If the ‘victim’ computer is of interest, the malware then “aggressively” spreads itself across open network shares to infect other computers within the same organisation and uses built-in commands to grab data. This includes “any information pertaining to recently accessed computers, network adapter information, available network shares, mapped drives, and files present on the compromised computer.”

The supply chain is a key part of this vulnerability funnel, with targets including manufacturers providing medical devices and technology companies offering services to clinics, plus logistics firms delivering healthcare products.

Director of Technology, Security & Governance, JP Norman advises:  “Ensure your anti-malware provider can detect Kwampirs activity and to prevent and detect an infection, ensure that:

•        A robust program of education and awareness training is delivered to users to ensure they don’t open attachments or follow links within unsolicited emails.
•        All operating systems, anti-virus and other security products are kept up-to-date.
•        All day-to-day computer activities such as email and internet are performed using non-administrative accounts.
•        Strong password policies are in place and password reuse is discouraged.
•        Network, proxy and firewall logs should be monitored for suspicious activity.
•        User accounts accessed from affected devices should be reset on a clean computer.”

Sales Director, Les Keen added, “Where there is the option for healthcare / supply chain organisations to prioritise IT funding, updating the Operating Systems is a primary, as is ensuring a strong and regular policy on Patch Management.  Our Sales and Security teams  are always on hand to review and audit organisational IT infrastructure and offer holistic remediation advice as part of our security readiness programmes.  Just call us on +44 2380 429429”.

 

Take Up For GP Online Services Hits 42% rise YOY in 2018

With 1 million patients now using the NHS every 36 hours, the pressure is firmly on the nation’s healthcare system to cope with an increased, ageing population, more complex medical conditions being treated, increased waiting time for treatment and more ingenious medicine which is keeping people alive for longer.  Tie that to Brexit and the drive for a 7 day service against today’s staffing pressures and you can see a perfect storm brewing.

Enter then, Health Minister Jeremy Hunt and reflect on his 5 Year Forward View for the NHS. Published in 2015, he laid out his vision for a gradual but persistent transition to patient power – in which digital technology would play a central role.  This was expanded on with his appointment of digital guru Martha Lane Fox to identify four key changes to map out a digital NHS for everyone.  Her stated targets included the following:

o  To reach the furthest first and leave nobody behind
o  To provide free WiFi for all throughout the NHS
o  To build the skills of NHS staff to support people’s needs in the digital age
o  To boost take up of online GP services

So it’s exciting three years on to hear good news coming from NHS Digital’s Leeds HQ. Their latest figures show patient registration take up for secure GP online services in England has risen sharply.  Nearly 14 million patients are now going to their GP’s online for a variety of NHS services without the need to visit a surgery or phoning the practice. These include:

•  Booking appointments
•  Ordering repeat prescriptions
•  Patients view their own records

The figure of 14 million patients is up 42% on February 2017 and amounts to a total of 24% of patients in England now being registered.

For the GP surgeries in local communities who have taken the plunge to embrace technology and overcome initial reservations in parts, these digital pioneers are now reaping the benefits from a variety of online GP cloud service providers.  The results are significant time savings for both the staff and practice GPs, fewer ‘no shows’ and improved patient awareness as patients become more knowledgeable about long term conditions.  The net benefit is derived because GPS have integrated the online public service with single source information clinical systems like EMIS and SystmOne.

There will always rightly need to be a hawkish attitude around protecting sensitive data, however if these new online systems are well governed and securely managed, the public that take up this offer can enjoy a degree of ownership of their healthcare data in intelligent partnership with their GPs and healthcare providers – and in so doing, feel good too they are contributing to improving NHS service efficiencies in the 21st Century.