MEDJACK 3.0 – The Anatomy of the Newest Cyber Attack on Healthcare

  • January 7, 2018 - by Synoptek

As one of the largest individual markets in the United States, accounting for roughly 17.5 percent of the country's GDP in annual expenditure, the healthcare industry faces a continuously growing challenge in defending against cyber-attacks.

Healthcare has always been and remains a major target in the cyber world, with nearly 90% of healthcare attorneys saying the industry is at a greater risk of data breaches compared to other industries. The newest attack on major healthcare organizations comes in the form of MEDJACK, otherwise known as “Medical Device Hijacking”.

What is MEDJACK?

MEDJACK, a method of undetected cyber-attack on medical devices through malware, focuses on finding vulnerabilities to create backdoors “behind the firewall”. Medical devices often run on insecure operating systems such as Windows 2000, Windows XP, or Linux, and traditional cyber defenses cannot run on these devices without the manufacturer’s authorization.

MEDJACK looks to gain access to hospital networks, steal confidential data, or even compromise medical devices like diagnostic equipment (PET scanners, CT scanners, MRI machines), therapeutic equipment (pumps, lasers, or surgical machines), and even life-support equipment (heart-lung machines, ventilators, oxygenation and dialysis machines). Any medical device that is connected to the internet should be considered a vulnerable target that can be leveraged in an attack.

Other Forms of a MEDJACK Attack

These cyber-attacks can also come in other forms – Polymorphic Malware and Software Repacking.

Polymorphic malware changes over time to make detection by anti-malware software more difficult. The malicious code can change in a variety of ways: how it is encrypted, how it is compressed, and even how the file is named. This shapeshifting means an IT team needs more time to detect the malware.

Another form of attack is created by software repacking. Packers are normally used by legitimate software manufacturers to keep proprietary information private while retaining the function of the software, but they are now commonly exploited by malware to hide the contents of malicious files. A packer essentially processes the executable file in real time, running the program as it loads onto the system. Malicious files can be packed and repacked numerous times with incremental changes to the packing method, making it much harder to identify the malware before it is too late.
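The detection problem that polymorphism and repacking create, as an added example that is not part of the original post and not Synoptek's code: a SHA-256 blocklist entry for one packed variant misses a repacked variant of the same constructed "program", while a byte-entropy heuristic flags both packed variants and leaves the unpacked one alone. zlib stands in for a packer's compression stage, and all sample bytes are constructed.

```python
# Added example (not from the original post): a hash blocklist misses a repacked
# sample, while a byte-entropy heuristic still flags it. The "program" and the
# packing steps are constructed stand-ins; zlib stands in for a packer's compressor.
import hashlib
import math
import zlib
from collections import Counter

ENTROPY_THRESHOLD = 7.0  # bits/byte; plain code and text usually sit well below this

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def looks_packed(data: bytes) -> bool:
    """Heuristic: compressed or encrypted payloads approach 8 bits/byte."""
    return shannon_entropy(data) > ENTROPY_THRESHOLD

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_samples() -> dict:
    """Constructed set: one unpacked 'program' and two packed variants of it."""
    # Stand-in for unpacked code: repetitive, text-like bytes (low entropy).
    program = b"".join(
        b"mov r%d, %d\nadd r%d, r%d\n" % (i % 8, (i * 7919) % 65536, (i + 1) % 8, i % 8)
        for i in range(1500)
    )
    packed_v1 = zlib.compress(program, 9)
    # "Repacked" variant: same program, different compression level, one byte of padding.
    packed_v2 = zlib.compress(program + b"\n", 1)
    return {"program": program, "packed_v1": packed_v1, "packed_v2": packed_v2}

def triage(samples: dict, blocklist: set) -> dict:
    """Per sample: does the hash blocklist fire, and does the entropy heuristic fire?"""
    return {
        name: {
            "hash_hit": sha256_hex(data) in blocklist,
            "entropy_hit": looks_packed(data),
            "entropy": round(shannon_entropy(data), 2),
        }
        for name, data in samples.items()
    }
```

Calling `triage(build_samples(), {sha256_hex(build_samples()["packed_v1"])})` shows the hash check firing only on the variant that was previously seen, while the entropy check fires on both packed variants.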

Vulnerable Environments and MEDJACK Outlook in 2017

Very few diagnostic cyber security tools are available for a hospital to use in identifying malware on an overwhelming number of medical devices. MEDJACK takes advantage of this weakness and successfully establishes backdoors on medical devices by deploying older malware that goes undetected.

With hospitals and medical facilities still adapting to the recent digitization of patient medical records, hackers are capitalizing on and exploiting the many vulnerabilities in these organizations' security layers. The recent success of MEDJACK has caused a rise in malware infections and will cost healthcare institutions millions of dollars to remediate. Attacks on the healthcare industry will grow in number and continue to become more complex in 2017.

IT Security Program Designed for Healthcare Institutions

In response to increased attacks on the healthcare industry, Synoptek has developed several programs, including end-user training and threat education, end-point security, network security, and cyber security advisory. Our adaptive approach focuses on detecting threats from within at an early stage of the attack life cycle to protect applications, computing, and network infrastructure.

Together, we can fight the storm. Contact Synoptek to learn more.

About the Author

Synoptek is an established firm that provides information systems consulting and IT management services. Synoptek and its predecessors have been providing these services for 23 years.