It seems as though this song and dance never gets old; the same tune just keeps playing and playing. The chorus, in healthcare, continues to say the same thing — hackers are after health information and the number of incidents is increasing.

According to a new analysis by Symantec, almost 40 percent of the hacker group Orangeworm's victims are organizations operating in healthcare. Of those, 17 percent of victims are based in the U.S., which is fairly significant.

Orangeworm’s malware, called "Trojan.Kwampirs," was found on software installed for the use and control of high-tech imaging devices like X-ray and MRI machines, per a statement issued by Symantec on its cybersecurity blog.

The firm says that Orangeworm has breached about 100 large, international corporations operating within the healthcare sector around the globe, with as many as 36 breaches in 2018.

Orangeworm infiltrates a victim's network and installs Kwampirs malware, which gives the group remote access and the ability to steal information. Symantec says it is not sure what kind of information has been compromised, which is never comforting.

Additionally, those struck by the hacker group are primarily organizations using outdated software. According to reporting by Digital Trends, old equipment like medical scanners can still be found running legacy platforms like Windows 95, as is the case with a number of the X-ray and MRI machines that have been targeted by the group.

"What’s confusing the security professionals, however, is that the attacks don’t appear to have a clear purpose," the site offers. "While they seem to use phishing emails as an attack vector — a common method for many malware types — they don’t seem to share many characteristics with more traditional digital assaults. No data appears to have been stolen, no ransoms are being demanded, and the systems aren’t left running cryptominers."

Symantec warns that the sector should wise up, take notice of the findings, and overhaul digital security. While these attacks have so far been rather benign, there’s little stopping those responsible from returning with much more dangerous plans in mind. Malicious software could wipe patient records, steal information, or shut down much-needed medical equipment, potentially putting lives at risk.

The general advice given, for now, is for institutions to update their systems where possible and, where not, to isolate them on smaller, localized networks so that they aren’t so easily accessed.

While the group's motive remains unknown, Symantec officials say the attacks on healthcare providers have been especially effective because of the organizations' tendency to still run legacy systems on older platforms.

The malware was first discovered in 2016. "We started looking into that malware, trying to determine what its functionality was, what it did, anything unique about it, and we found it was a backdoor we had not seen before," senior threat intelligence analyst Jon DiMaggio told Healthcare Dive.

The breaches will keep coming. A recent Ponemon Institute survey showed that cybersecurity has continued to be a problem for healthcare organizations; 62 percent of executives said a cyberattack was experienced in the past year, with more than half of those losing patient data.

Cybersecurity threats have persisted through 2018. A ransomware attack compromised computers at Greenfield, Indiana-based Hancock Health in January, followed by an attack on West Virginia-based Coplin Health Systems, which reported that the personal information of 43,000 patients may have been breached after an encrypted laptop was stolen from an employee’s car.