Faulty network security and lack of encryption may not be the only key entryways for hackers to access a system. Now, cyber criminals are attacking hospital networks through medical devices infected with malware, according to a Computerworld report.
MEDJACK is the term researchers at cybersecurity firm TrapX call a medical device hijack, in which devices such as X-ray equipment, picture archiving and communication systems, diagnostic equipment and therapeutic equipment are vulnerable to attacks and become "backdoor" entryways into hospital systems, according to the report.
TrapX released a report on one such incidence where hackers accessed a network through malware-infected blood gas analyzers. TrapX conducted a simulated attack and found "once an attacker has established a backdoor within our target blood gas analyzer, or any other medical device, almost any form of manipulation of the unencrypted data stored and flowing through the device is possible."
Additionally, infected medical devices are tricky for hospitals and health systems because more often than not, the hospitals don't have access to the internal software; the manufacturers do. Therefore, hospitals are at the mercy of vendors to ensure that security is built and maintained in those devices, according to the report.
More articles on cybersecurity:
Judge dismisses class-action lawsuit against UPMC for 2014 data breach
Healthcare now spending billions to defend the IT systems it spent billions to install
Cyberattack exposes data of 1.1M CareFirst BCBS members: 6 things to know