After a series of successful attacks last year, more evolved MEDJACK.2 attacks have been detected in hospital-related outbreaks, announced security company TrapX.
“MEDJACK.2 adds a new layer of camouflage to the attacker’s strategy,” said Moshe Ben Simon, Co-Founder & VP, TrapX Security General Manager. “New and highly capable attacker tools are cleverly hidden within very old and obsolete malware. It is a most clever wolf in very old sheep’s clothing. They have planned this attack and know that within healthcare institutions they can launch these attacks, with impunity or detection, and easily establish backdoors within the hospital or physician network in which they can remain undetected, and exfiltrate data for long periods of time.”
Following the initial cyber-attacks, TrapX has now released a report on three new cases of backdoors and botnet connections controlled by hackers, none of which were detected by the institutions’ endpoint security software.
Originally, MEDJACK targeted medical devices in healthcare units, devices that ran on outdated software. The malware was an old version of the MS08-067 worm and was used to manipulate older versions of Windows.
Because newer versions of Windows had this vulnerability removed, the malware went undetected through the system. Once the network was infected, the medical devices, which mostly ran on older versions of the operating system and on proprietary internal software, were easy targets, putting healthcare data security at risk.
The infected devices include diagnostic equipment (PET scanners, CT scanners, MRI machines, etc.), therapeutic equipment (infusion pumps, medical lasers, and surgical machines), life support equipment (heart-lung machines, medical ventilators, extracorporeal membrane oxygenation machines, dialysis machines) and more.
Due to the massive financial earnings available on the black market, data stolen from healthcare units ranks high on hackers’ attack lists, with selling prices ranging from $10 to $20 per patient file. Consequently, hospitals, physician practices, and healthcare-related organizations are vulnerable to MEDJACK attacks, and a lack of proper strategy and funding prevents them from stopping the assault.