Research Shows MEDJACK is a Major Threat to Hospital Operations and the Security of Patient Data
SAN MATEO, CA — June 15, 2015 — TrapX™, a global leader in deception-based cyber security defense, reported today that attackers have managed to place malicious software on critical medical devices giving them the ability to remotely control medical equipment. Today Trapx released its latest report, “Anatomy of an Attack – Medical Device HiJack (MEDJACK).” According to TrapX Labs, medical devices have emerged as key targeted pivot points for cyber attackers that seek to compromise hospitals and healthcare networks. The report addresses how attackers are able to rapidly penetrate medical devices and establish back doors that give them open access to the rest of the data within healthcare institutions. Attackers are using this access to continue attacks until they have exfiltrated the targeted healthcare information.
“Healthcare data presents an attractive target for organized crime,” said Carl Wright, general manager of TrapX. “Healthcare records are the new credit card, providing cyber thieves much larger returns on their breach activities. MEDJACK enables them to exploit this opportunity rapidly and effectively target the largest healthcare and life sciences institutions on a global basis.”
The primary research in the report is based on first-hand data from incidents and advanced persistent threats (APTs) captured by the TrapX security operations center (TSOC). Three of these examples are used as the basis of the material published in the report.
“TrapX strongly recommends that hospital staff review and update their contracts with medical device suppliers,” said Moshe Ben Simon, TrapX Security co-founder and vice president. “These contracts should address the detection, remediation and refurbishment of medical devices sold by the supplier that later become infected by malware. Hospitals must have a documented test process to determine if their devices have become infected, and suppliers must have a documented standard process for remediating and rebuilding devices when they’re exploited by cyber attackers.”
The full report, “Anatomy of an Attack – Medical Device Hijack,” can be downloaded here:
About the AOA Series and TrapX Labs
The Anatomy of an Attack (AOA) Series highlights the results of TrapX Labs’ research into current or potential critical information security issues. The mission of TrapX Labs is to conduct critical cybersecurity experimentation, analysis and investigation and to bring the benefits to the community at large through AOA publications and rapid ethical compliance disclosures to manufacturers and related parties. TrapX Security™ and DeceptionGrid™ are trademarks licensed by TrapX Security, Inc.
For more on TrapX, please visit: www.trapx.com
Visit the TrapX blog: https://www.trapx.com/blog/
Follow TrapX on Twitter: @trapxsecurity
Follow TrapX on LinkedIn: https://www.linkedin.com/company/trapx
Like TrapX on Facebook: https://www.facebook.com/pages/TrapX/258804147648401
TrapX Security is a leader in the delivery of deception-based cyber security defense. Our solutions rapidly detect, analyze and defend against new zero day and APT attacks in real time. DeceptionGrid™ provides automated, highly accurate insight into malware and malicious activity unseen by other types of cyber defense. We enable a proactive security posture, fundamentally changing the economics of cyber defense by shifting the cost to the attacker. The TrapX Security customer base includes Forbes Global 2000 commercial and government customers around the world in sectors that include defense, healthcare, finance, energy, consumer products and other key industries. Learn more at www.trapx.com.