‘Medjack 2’ describes the latest weapons in the hacker arsenal used to hijack medical devices.
It is not just the enterprise, banks and individuals that are targeted by cybercriminals looking to cash in on data and rinse bank accounts.
Things have taken a more sinister turn with the introduction — and evolution — of attacks specifically designed to compromise medical devices, which places both patient health and information at serious risk.
A new report released by security firm TrapX on Monday highlights how this trend is becoming more and more serious, and healthcare organizations must sit up and take note of these emerging threats before it is too late.
We’ve already seen ransomware attacks levied against hospitals this year which have successfully disrupted critical services and taken down full systems, with some hospitals giving in and paying a ransom to resume operating.
This kind of malware, although often heartbreaking for victims and capable of immense disruption, is not in the same ballpark as other attacks which are striking hospitals for the purpose of tampering with devices and data.
The report, “Anatomy of an Attack – Medical Device Hijack 2” (.PDF), is based on medical hijack attacks detected between late 2015 and early 2016, expanding on TrapX’s original MedJack 1 research.
The team found that attacks which target medical devices deployed in hospital PC systems and networks are on the rise and often contain backdoors, botnet connections and remote access tunnels for cyberattackers to manipulate devices.
Greg Enriquez, CEO of TrapX Security, commented:
“Sophisticated attackers are going after healthcare institutions, and they are highly motivated to gain access to valuable patient records that can net them high dollars on the black market […] MedJack 1 was not an anomaly but rather highlighted the beginnings of a growing trend, a trend that’s become prevalent as attackers leverage sophisticated attack techniques to steal sensitive patient data while remaining undetected.”
Some of the report highlights include:
- Attackers were found to repackage and disguise advanced tools within old, Windows-based worms, which security software ignored as outdated, harmless malware but which would then seek out old PC systems to compromise;
- Old malware variants were commonly used to attack medical devices as many of them have no security protection whatsoever, and there is no need to use sophisticated, expensive software once a network has been infiltrated;
- Backdoors were often installed afterwards, allowing for spying, data theft and providing an avenue to deploy malware payloads including ransomware;
- X-ray machines, radiation systems, fluoroscopy radiology systems and linac gating devices were all found to be constant targets for attackers.
By compromising medical systems, attackers could not only potentially tamper with life-saving devices, such as by altering dosage rates or turning systems off and on, but could also use vulnerabilities to steal valuable medical and patient data over time.
Medical device hijacking is only one threat element hospitals face today. Healthcare organizations have been forced to take cybersecurity more seriously since the recent spate of ransomware-based attacks at a number of hospitals this year, but to combat the more complex problem of medical device hijacking, solutions need to come from the top.
Hospital budgets and board decisions have to come into play if healthcare organizations are going to be able to keep patients safe from these threats in the future. It may not seem likely that such a malicious attack would occur against a patient using a critical medical device, but in today’s world, anything is possible.
“Healthcare organizations need to implement strategies that review and remediate existing medical devices, better manage medical device end-of-life and carefully limit access to medical devices,” noted Moshe Ben Simon, TrapX Security co-founder and vice president. “It becomes essential to leverage technology and processes that can detect threats from within hospital networks.”