MEDJACK 2 Report Reveals Attackers Are Disguising Sophisticated Attacks Within Old Malware Wrappers to Gain Entry to Hospital Networks and Steal Patient Data
SAN MATEO, CA–(Marketwired – Jun 27, 2016) – TrapX™ Security, a global leader in deception-based cyber security, reported today that cyber-attacks continue to target the healthcare industry, leading to an influx of attacks against hospital networks that have successfully penetrated security defenses and continue to compromise medical devices, which are often vulnerable to attackers. TrapX today released the second edition of its report “Anatomy of an Attack – Medical Device Hijack 2” (MEDJACK 2). The report explains how attackers have evolved and are now increasingly targeting medical devices that use legacy operating systems that contain known vulnerabilities. By camouflaging old malware with new techniques, the attackers are able to successfully bypass traditional security mechanisms to gain entry into hospital networks and ultimately to access sensitive data.
Healthcare is now the most frequently attacked industry1, beating out financial services, retail and other industries. As a result, it has been very difficult for healthcare organizations to keep pace with the number and sophistication of attacks they have to deal with.
“We saw from the first MEDJACK report that persistent medical-device attacks targeting hospital networks went undetected for months,” said Greg Enriquez, CEO of TrapX Security. “Over the last year we saw the compromise of healthcare networks come into the public spotlight, making frequent news headlines. Evidence confirms that sophisticated attackers are going after healthcare institutions, and they are highly motivated to gain access to valuable patient records that can net them high dollars on the black market. MEDJACK 2 shows that MEDJACK 1 was not an anomaly but rather highlighted the beginnings of a growing trend, a trend that’s become prevalent as attackers leverage sophisticated attack techniques to steal sensitive patient data while remaining undetected.”
MEDJACK 2 is based on first-hand research gathered from medical hijack attacks documented by medical organizations that have deployed the TrapX security solution. The report details threat data and analysis in three new hospital case studies that chronicle the sophisticated evolution of ongoing advanced persistent attacks detected between late 2015 and early 2016. These attacks, which target medical devices deployed within hospitals’ computer networks, contain a multitude of backdoors and botnet connections, giving remote access for attackers to launch their campaign.
MEDJACK 2 follows the first “Anatomy of Attack – Medical Device Hijack” report, which was issued in June 2015 and featured research that showed how cyber criminals were leveraging medical devices as key points from which to launch attacks within healthcare networks. The report described how the attackers used medical devices to steal hospital records over an extended period of time and also to threaten overall hospital operations and the security of patient data.
“The onslaught of medical-device hijack attacks is accelerating, and it’s becoming increasingly more challenging for hospitals to detect and prevent them,” said Moshe Ben Simon, TrapX Security co-founder and vice president. “To mitigate these attacks going forward, TrapX recommends that hospital staff review budgets and cyber-defense initiatives at the organizational board level and consider bringing in technologies that can identify attacks within their networks, not just at the perimeter. In addition, healthcare organizations need to implement strategies that review and remediate existing medical devices, better manage medical device end-of-life and carefully limit access to medical devices. It becomes essential to leverage technology and processes that can detect threats from within hospital networks.”
The full report, “Anatomy of an Attack – Medical Device Hijack 2,” can be downloaded here: http://deceive.trapx.com/WPMEDJACK2.0_210LandingPage.html
About the AOA Series and TrapX Labs
The Anatomy of an Attack (AOA) Series highlights the results of TrapX Labs’ research into current or potential critical information security issues. The mission of TrapX Labs is to conduct critical cybersecurity analysis, investigation and reporting and to bring the benefits to the community at large through AOA publications and rapid ethical compliance disclosures to manufacturers and related parties. TrapX Security™ and DeceptionGrid™ are trademarks licensed by TrapX Security, Inc.
Tweet this: @TrapXSecurity Discovers New Medical Hijack Attacks Targeting Hospital Devices http://tinyurl.com/h952v5u