Medjacking is a Real Threat to Health Care Systems

by John DiGiacomo

Partner

Cyber Security Data Breach

Medjacking, or medical device hijacking, is a new kind of cybersecurity threat to health care systems. Medjacking involves hacking into medical devices using backdoors to access software on the device. Since many of the vulnerable medical devices, such as life-support equipment and diagnostic equipment, use older or standard operating systems, the biggest challenge for a hacker is getting the digital tools needed to hack these devices onto the devices themselves at the start. Using infected emails or memory sticks containing malware, hackers gain access to vulnerable medical devices.

Gaining access to a single medical device in a healthcare system often provides a hacker with access to an entire network of devices and equipment, all while the healthcare system is none the wiser. Once inside a healthcare system, a hacker can gain unauthorized access to a wealth of patient information and protected health data. There have been several confirmed cases in which a medical device or piece of equipment in a healthcare system was infected with malware for the purpose of gaining access to more valuable information in a different part of the system.

Addressing Vulnerabilities in Medical Devices

To date, there has been little headway in terms of addressing cybersecurity vulnerabilities in medical devices. Many medical devices are wireless, or connected to the internet, which makes them particularly attractive targets for hackers. While the Food and Drug Administration (FDA) does provide feedback concerning cybersecurity vulnerabilities of medical devices that are seeking FDA approval, the FDA’s feedback is merely advisory in nature. Companies are still permitted to sell devices that the FDA has expressed concern about in terms of cybersecurity vulnerabilities. Fortunately, the FDA recently introduced new guidance concerning the security of medical devices. Medical device and equipment companies could take steps to secure backdoors in the device software.

What Can Be Done to Mitigate Medjacking Risk?

Currently the best approach for avoiding cybersecurity risks posed by vulnerable medical devices is to use devices that have a high cybersecurity standard and the best security features. A device that has an encrypted transmission feature is far safer than a device that does not. Healthcare systems could also promote cybersecurity by separating various networks from one another. Having medical devices on one network and sensitive patient health information on a separate network will help ensure the security of protected patient health records.
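The two mitigations above, network separation and encrypted transmission, can be checked against recorded traffic. The following is an added example, not part of the original article: it audits flow records for connections that cross between the device network and the patient-record network, and for device traffic on ports not treated as encrypted. The subnets, the port list, and the sample flows are all constructed assumptions.

```python
import ipaddress

# Constructed address plan (assumption): one segment for medical devices,
# one for systems holding patient health records.
DEVICE_NET = ipaddress.ip_network("10.20.0.0/16")
PHI_NET = ipaddress.ip_network("10.50.0.0/16")

# Destination ports treated as encrypted transport (assumption; a port number
# is only a heuristic, so adjust this to local policy): HTTPS, SSH, DICOM over TLS.
ENCRYPTED_PORTS = {443, 22, 2762}

# Constructed sample flow records: source IP, destination IP, destination port.
SAMPLE_FLOWS = """\
10.20.4.17,10.20.0.5,2762
10.20.4.17,10.50.1.9,1433
10.20.8.30,10.20.0.5,104
10.50.1.9,10.50.1.12,443
192.168.7.4,10.20.8.30,23
"""


def audit(flow_text):
    """Return (line_number, rule, record) for each policy violation found."""
    findings = []
    for n, line in enumerate(flow_text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue  # ignore blank lines in the export
        src, dst, dport = line.split(",")
        s = ipaddress.ip_address(src)
        d = ipaddress.ip_address(dst)
        port = int(dport)
        # Rule 1: device and patient-record segments must not talk to each other.
        crosses = (s in DEVICE_NET and d in PHI_NET) or (s in PHI_NET and d in DEVICE_NET)
        if crosses:
            findings.append((n, "cross-segment", line))
        # Rule 2: traffic touching the device segment should use encrypted transport.
        if (s in DEVICE_NET or d in DEVICE_NET) and port not in ENCRYPTED_PORTS:
            findings.append((n, "cleartext", line))
    return findings


if __name__ == "__main__":
    for n, rule, record in audit(SAMPLE_FLOWS):
        print(f"line {n}: {rule}: {record}")
```

A record that trips both rules, such as a device reaching a database port on the patient-record network, is reported twice so each finding can be triaged separately.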

New threats are constantly being developed by hackers and discovered by security teams, and all healthcare systems are likely to encounter some sort of cyber security breach. Medjacking is just another example of the potential security threats that are out there putting patient health information at risk of unauthorized disclosure.

Contact a Healthcare Cybersecurity Lawyer

Medjacking is a new, but very real, cybersecurity threat to health care systems. Revision Legal has worked with countless healthcare entities to manage their cyber security legal matters and we are ready and available to help you. Contact the experienced health care data breach lawyers at Revision Legal. Please feel free to reach out to us today. Contact us using the form on this page or call us at 855-473-8474.
