Anatomy of an Attack Medjack (Medical Hijack)

Research by TrapX Labs, a Division of TrapX Security Inc.

According to a recent report from TrapX Labs scientists, “Anatomy of an Attack – Medical Device
Hijack (MEDJACK),” medical devices have emerged as the key targeted pivot points for cyber
attackers who seek to compromise hospitals and healthcare networks.

The report addresses how attackers are able to rapidly penetrate medical devices and establish
back doors that give them open access to the rest of the data within healthcare institutions.
Attackers are using this access to continue attacks until they have exfiltrated the targeted
healthcare information.

“Healthcare data presents a compelling opportunity for organized crime,” said Carl Wright,
general manager of TrapX. “Cyber criminals are being paid $20 to $40 for individual health
insurance credentials, compared to a dollar or two for individual credit card numbers.
MEDJACK enables them to exploit this opportunity much more rapidly. They can now
effectively target the largest healthcare and life sciences institutions on a global basis.”


Report Methodology

The report explains why medical devices are primary pivot-points, how the attacks happen, and
how attackers can extend their command-and-control points to breach a hospital’s electronic
medical records (EMRs) over an extended period.

The primary research in the report was based on first-hand data from incidents and advanced
persistent threats captured by the TrapX security operations center (TSOC). Three of these
examples were used as the basis of the material published in the report.


Real-World Examples

The first real-world example in the report focuses on a global healthcare institution. A few days
after this hospital deployed TrapX’s technology, TrapX Labs received high-level alerts indicating
malicious persistent attacks.

These attacks emanated from three of the institution’s blood-gas analyzers, which
were all infected separately. The attacker(s) had enabled backdoors into these medical devices
and were in the process of seeking to compromise the hospital’s data.

The hospital’s standard cyber-defense was unable to scan or remediate anything within the
blood-gas analyzers, so the attacks continued undetected and unimpeded for a very long time.


In a second real-world example, which also focused on a global healthcare institution, TrapX
technology identified attacks through a back door located within the hospital’s picture archiving
and communication system (PACS).

Cyber Warnings E-Magazine – July 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide