Security firm Symantec has discovered a new hacking group called Orangeworm, which is deliberately and systematically targeting the healthcare sector. Specifically, Orangeworm is installing a custom backdoor dubbed Trojan.Kwampirs within large healthcare companies in the United States, Europe, and Asia.

“First identified in January 2015, Orangeworm has also conducted targeted attacks against organizations in related industries as part of a larger supply-chain attack in order to reach their intended victims. Known victims include healthcare providers, pharmaceuticals, IT solution providers for healthcare and equipment manufacturers that serve the healthcare industry, likely for the purpose of corporate espionage.

According to Symantec telemetry, almost 40% of Orangeworm’s confirmed victim organizations operate within the healthcare industry. The Kwampirs malware was found on machines which had software installed for the use and control of high-tech imaging devices such as x-ray and MRI machines. Additionally, Orangeworm was observed to have an interest in machines used to assist patients in completing consent forms for required procedures. The exact motives of the group are unclear.”

Get the full story on Symantec’ “Threat Intelligence” blog.