Software Integrity Blog


Old malware creates new headaches for healthcare IT

A new study finds that old malware is actively being exploited in healthcare environments.

On Monday, TrapX Security, a deceptive technology start up, released a report on Medical Device Hijack, or MEDJACK, entitled Anatomy of an Attack – Medical Device Hijack 2. The report, which updates a similar report from last year, is based on attacks the company observed between late 2015 and early 2016.

Greg Enriquez, CEO of TrapX, said in a press release, “Evidence confirms sophisticated attackers are going after healthcare institutions, and they are highly motivated to gain access to valuable patient records that can net them high dollars on the black market.”

The attack surface is broad and it includes hospitals, physician practices, physician independent practice associations, accountable care organizations, healthcare insurance organizations, skilled nursing facilities, surgical centers, and other related organizations.

The report also finds:

  • There’s no such thing as “harmless malware”: Attackers are repackaging old Windows-based worms with new payloads, knowing that some medical IT staff ignore these as outdated threats.
  • Actual old malware is used to attack medical devices because some have no natural defenses, such as software updates, antimalware, or firewall protection.
  • Backdoors in medical devices all for the installation of medical malware, including ransomware.

The preferred healthcare targets include X-ray machines, radiation systems, fluoroscopy radiology systems and linac gating devices. Specifically, TrapX Security concluded that attackers were targeting medical devices with outdated and highly vulnerable operating systems such as Windows XP and Windows 7. The devices most vulnerable to MEDJACK and MEDJACK.2 include “diagnostic equipment (PET scanners, CT scanners, MRI machines, etc.), therapeutic equipment (infusion pumps, medical lasers, surgical machines), and life support equipment (heart – lung machines, medical ventilators, extracorporeal membrane oxygenation machines and dialysis machines).”


More by this author