TrapX Security, a cyber security firm, reported that cyber-attacks continue to target the healthcare industry. The result is an influx of attacks against hospital networks that have successfully penetrated security defenses and continue to compromise medical devices, which are often vulnerable to attackers.
The company released the second edition of its report “Anatomy of an Attack – Medical Device Hijack 2” (MEDJACK 2). The report explains how attackers have evolved and are now increasingly targeting medical devices that use legacy operating systems that contain known vulnerabilities.
By camouflaging old malware with new techniques, the attackers are able to successfully bypass traditional security mechanisms to gain entry into hospital networks and ultimately to access sensitive data.
Healthcare is now the most frequently attacked industry, beating out financial services, retail and other industries, according to IBM Security. As a result, it has been very difficult for healthcare organizations to keep pace with the number and sophistication of attacks they have to deal with.
“We saw from the first MEDJACK report that persistent medical-device attacks targeting hospital networks went undetected for months,” Greg Enriquez, CEO of TrapX Security, said. “Over the last year we saw the compromise of healthcare networks come into the public spotlight, making frequent news headlines. Evidence confirms that sophisticated attackers are going after healthcare institutions, and they are highly motivated to gain access to valuable patient records that can net them high dollars on the black market.”
MEDJACK 2 is based on research gathered from attacks documented by medical organizations that have deployed TrapX security. The report details threat data and analysis in three new hospital case studies that chronicle the sophisticated evolution of ongoing advanced persistent attacks detected between late 2015 and early 2016.
The attacks, which target medical devices deployed within hospitals’ computer networks, contain a multitude of backdoors and botnet connections, giving attackers remote access to launch their campaign, according to the company.
The initial MEDJACK report, which was issued in June 2015, described how attackers used medical devices to steal hospital records over an extended period of time and also to threaten overall hospital operations and the security of patient data.
TrapX recommended that hospital staff review budgets and cyber-defense initiatives at the organizational board level and consider bringing in technologies that can identify attacks within their networks, not just at the perimeter.
“In addition, healthcare organizations need to implement strategies that review and remediate existing medical devices, better manage medical device end-of-life and carefully limit access to medical devices,” Moshe Ben Simon, company VP, said. “It becomes essential to leverage technology and processes that can detect threats from within hospital networks.”
The company plans to hold a webinar based on the report Tuesday, July 26 at 9 am PDT.