Guarding against medjacks

Cybercriminals often target healthcare organizations because of the sensitive data they store, and medical devices can be especially vulnerable to malicious actors. With a complex IT environment of old and new technology, healthcare organizations should pay close attention to specialized attacks that could disrupt operations or make patient care challenging. 

The use of medjacks allows for a deep-rooted attack that can cripple the core functioning of healthcare organizations, big and small. By understanding the fundamental principles around protecting against these attacks organizations can guard against this ever-evolving attack. 

What is a medjack? 

Medjacks, short for "medical device hijacks," are a type of cyberattack focusing on medical devices within healthcare organizations. Hackers target these devices because they often run on outdated software and lack strong security measures. Once inside, attackers can manipulate the devices, disrupt their functions, and use them as entry points to access the broader hospital network. Medical devices like insulin pumps, pacemakers, and MRI machines are necessary for patient care, making these attacks particularly dangerous.

The evolution of medjacks 

"Medjack” was first coined in 2015 when Trap X, a security organization, identified healthcare device hijacking. Hackers use medjacks to infiltrate computers or network servers via backdoor entries. Once inside, they can steal data, demand ransom, or disable systems and devices. Between 2015 and 2018, four variations of MEDJACK were developed, making detection increasingly challenging. By 2019, specific devices like Medtronic's insulin pumps and cardiac devices were targeted, demonstrating an evolving and persistent rise in these attacks.

In 2011, researchers exposed vulnerabilities in insulin pumps, showing that off-the-shelf hardware could launch active and passive attacks. These attacks allowed unauthorized parties to gain full control over the pumps, potentially starting, stopping, or even administering an overdose of insulin, actions that could be deadly to patients. A novel security mechanism called an RF (radio frequency) shield was introduced to counter the attacks. Acting as a proxy server, an RF shield prevents unknown devices from communicating with implantable medical devices, ultimately blocking unauthorized access attempts.

Using encryption for protection 

Encryption is the most effective tool against medjacks, as it turns sensitive data into unreadable codes for unauthorized actors. Encrypting data stored on medical devices and network servers prevents unauthorized access to sensitive information, even if attackers manage to breach the network or hijack a device. 

Best practices

Secure devices 

• Medical devices often come with default settings that can be insecure. Change default passwords, disable unnecessary services, and ensure that only necessary ports are open. 
• Regularly verify the integrity of the firmware on medical devices. Use cryptographic checksums or digital signatures to ensure the firmware has not been tampered with.
• Place medical devices on dedicated Virtual Local Area Networks (VLANs) to isolate them from other network traffic.

Apply the right security principles and techniques 

• Adopt a zero-trust security model, which operates on the principle of "never trust, always verify." Every request to access network resources should be authenticated, authorized, and encrypted, regardless of the source. 
• Use application whitelisting to ensure that only approved software can run on medical devices. 
• Implement behavioral analytics to monitor the typical behavior of medical devices and identify anomalies that may indicate a security breach. 

See also: HIPAA Compliant Email: The Definitive Guide

FAQs

What are checksums?

Checksums are numerical values used to verify data integrity by detecting errors or changes in the data.

What are practical examples of VLANs?

Practical examples of VLANs include segmenting office networks into separate departments such as HR, finance, and IT to improve security and manageability.

What can lead to a medjack?  

Devices may be vulnerable to a medjack because of outdated software, lack of strong security measures, and insufficient network segmentation in medical devices.