Windows-powered medical scanners are being hit by health care hackers

Hackers have been targeting medical scanning equipment like X-ray and MRI machines for the past few years, and some of them have been very successful. While the attacks raise the possibility of theft of personal patient medical data, they appear to be centered around learning how certain medical software operates, possibly as part of an industrial espionage campaign.

While many of the world’s PCs have moved on to more modern and secure operating systems like Windows 10, old equipment like medical scanners can still be found using ancient legacy platforms like Windows 95. That’s been the case with a number of X-ray and MRI machines targeted by a group known as Orangeworm, which over the past few years has infected more than 100 different health care organizations with malware.

A Symantec report on this problem shows that health care providers have been the biggest target for this kind of malware, with some 39 percent of the group’s attacks in recent years targeting that industry. Other common targets are IT and manufacturing, along with agriculture and logistics to a lesser extent. However, each of those targets has been part of the medical supply chain, suggesting a coordinated effort to understand the entire health care industry’s IT infrastructure.

What’s confusing the security professionals, however, is that the attacks don’t appear to have a clear purpose. While they seem to use phishing emails as an attack vector — a common method for many malware types — they don’t seem to share many characteristics with more traditional digital assaults. No data appears to have been stolen, no ransoms are being demanded, and the systems aren’t left running cryptominers.

That leaves security researchers like those at Symantec unsure about who is truly responsible. As PCMag points out, the lack of a clear goal may suggest state-sponsored hackers, but the fact that the attacks are relatively unsophisticated suggests otherwise.

Regardless, Symantec and its contemporaries see this as a wake-up call for the health care industry to overhaul its digital security. While these attacks have so far been rather benign, there’s little stopping those responsible from returning with much more dangerous plans in mind. Malicious software could wipe patient records, steal information, or shut down much-needed medical equipment, potentially putting lives at risk.

The general advice given, for now, is for institutions to update their systems where possible and, where not, to isolate them on smaller, localized networks so that they aren’t so easily accessed.

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…