MEDJACK – Compromising Healthcare Via Old Tech

We often enter a medical facility when we are in a vulnerable state due to health concerns. Not only are we poked and prodded by specialists attempting to discern a treatment schedule but also by staffers for personal information. Millions of data points are collected by the healthcare industry in regards to patient identification and care to be referenced at a moment’s notice across an organization’s entire IT infrastructure.

While the industry is tasked with maintaining the security state integrity of these databases and technology, hackers are constantly seeking new vulnerabilities. The interconnected nature of health data is putting communicating providers at risk for an incident. Not unlike 3rd-party security standards issues similar to those that led to the Target breach in 2013.

It is this march of time that has created one of the most notable issues in the field of late. Due to the aging of peripheral devices still deployed throughout the healthcare IT landscape, a new threat has emerged known as MEDJACK. According to a recent report by TrapX, a number of attacks have already taken place. Devices such as “X-ray equipment, picture archive and communications systems (PACS) and blood gas analyzers (BGA)” have been exploited and the risk does not stop there. There is a significantly long list of devices and components that are at risk to MEDJACK. [1]

These endpoint units are often running severely out-of-date operating systems that may no longer be supported or updated such as Windows 2002, XP or various distributions of Linux. This creates a pivot point for attacks to exploit the larger system within a facility.

Locking up the Keys to the Castle

Of course, swapping out all the devices for new models may not be in the budget. However, protecting medical devices should be a goal every IT team strives to secure. With a properly setup file integrity monitoring system in place, detecting unauthorized and unwanted changes is easier than ever before. If you are in need upgrading your security posture for Health Insurance Portability and Accountability Act (HIPAA) or Health Information Technology for Economic and Clinical Health Act (HITECH) requirements, get in contact and find out how CimTrak has you covered.

References

http://deceive.trapx.com/AOAMEDJACK_210_Landing_Page.html

Jacqueline von Ogden

Since 1999, Jacqueline has written for corporate communications, MarCom agencies, higher education, and worked within the pharmacy, steel and retail industries. Since joining the tech industry, she has found her "home".