New medical hijack attacks targeting hospital devices

TrapX Security reported recently that cyber-attacks continue to target the healthcare industry, leading to an influx of attacks against hospital networks that have successfully penetrated security defences and continue to compromise medical devices, which are often vulnerable to attackers.

TrapX recently released the second edition of its report "Anatomy of an Attack - Medical Device Hijack 2" (MEDJACK 2). The report explains how attackers have evolved and are now increasingly targeting medical devices that use legacy operating systems that contain known vulnerabilities. By camouflaging old malware with new techniques, the attackers are able to successfully bypass traditional security mechanisms to gain entry into hospital networks and ultimately to access sensitive data.

Healthcare is now the most frequently attacked industry, beating out financial services, retail and other industries. As a result, it has been very difficult for healthcare organisations to keep pace with the number and sophistication of attacks they have to deal with.

Under the radar

"We saw from the first MEDJACK report that persistent medical-device attacks targeting hospital networks went undetected for months," said Greg Enriquez, CEO of TrapX Security.

"Over the last year we saw the compromise of healthcare networks come into the public spotlight, making frequent news headlines. Evidence confirms that sophisticated attackers are going after healthcare institutions, and they are highly motivated to gain access to valuable patient records that can net them high dollars on the black market. MEDJACK 2 shows that MEDJACK 1 was not an anomaly but rather highlighted the beginnings of a growing trend, a trend that's become prevalent as attackers leverage sophisticated attack techniques to steal sensitive patient data while remaining undetected."

MEDJACK 2 is based on first-hand research gathered from medical hijack attacks documented by medical organisations that have deployed the TrapX security solution. The report details threat data and analysis in three new hospital case studies that chronicle the sophisticated evolution of ongoing advanced persistent attacks detected between late 2015 and early 2016.

Backdoors and botnets

These attacks, which target medical devices deployed within hospitals' computer networks, contain a multitude of backdoors and botnet connections, giving remote access for attackers to launch their campaign.

MEDJACK 2 follows the first "Anatomy of Attack - Medical Device Hijack" report, which was issued in June 2015 and featured research that showed how cyber criminals were leveraging medical devices as key points from which to launch attacks within healthcare networks. The report described how the attackers used medical devices to steal hospital records over an extended period of time and also to threaten overall hospital operations and the security of patient data.

"The onslaught of medical-device hijack attacks is accelerating, and it's becoming increasingly more challenging for hospitals to detect and prevent them," said Moshe Ben Simon, TrapX Security co-founder and vice president. "To mitigate these attacks going forward, TrapX recommends that hospital staff review budgets and cyber-defence initiatives at the organisational board level and consider bringing in technologies that can identify attacks within their networks, not just at the perimeter. In addition, healthcare organisations need to implement strategies that review and remediate existing medical devices, better manage medical device end-of-life and carefully limit access to medical devices. It becomes essential to leverage technology and processes that can detect threats from within hospital networks."

The full report, "Anatomy of an Attack - Medical Device Hijack 2," can be downloaded here.

Rick Popko