Medjacking is a Real Threat to Health Care Systems featured image

Medjacking is a Real Threat to Health Care Systems

by John DiGiacomo

Partner

Cyber Security Data Breach

Medjacking, or medical device hijacking, is a new kind of cybersecurity threat to health care systems. Medjacking involves hacking into medical devices using backdoors to access software on the device. Since many of the vulnerable medical devices, such as life-support equipment and diagnostic equipment, use older or standard operating systems, the biggest challenge for a hacker is getting the digital tools needed to hack these devices onto the devices themselves at the start. Using infected emails, or malware containing memory sticks, hackers gain access to vulnerable medical devices.  

Gaining access to a single medical device in a healthcare system often provides a hacker with access to an entire network of devices and equipment, all while the healthcare system is none the wiser. Once inside a healthcare system, a hacker can gain unauthorized access to a wealth of patient information and protected health data. There have been several confirmed cases in which a medical device or piece of equipment in a healthcare system was infected with malware for the purpose of gaining access to more valuable information in a different part of the system.

Addressing Vulnerabilities in Medical Devices

To date there has been little headway in terms of addressing cybersecurity vulnerabilities in medical devices. Many medical devices are wireless, or connected to the internet, which make them particularly attractive targets for hackers. While the Food and Drug Administration (FDA) does provide feedback concerning cybersecurity vulnerabilities of medical devices that are seeking FDA approval, the FDA’s feedback is merely advisory in nature. Companies are still permitted to sell devices that the FDA has expressed concern about in terms of cybersecurity vulnerabilities. Fortunately, the FDA recently introduced new guidance concerning the security of medical devices. Medical device and equipment companies could take steps to secure backdoors in the device software.

What Can Be Done to Mitigate Medjacking Risk?

Currently the best approach for avoiding cybersecurity risks posed by vulnerable medical devices is to use devices that have a high cybersecurity standard and the best security features. A device that has an encrypted transmission feature is far safer than a device that does not. Healthcare systems could also promote cybersecurity by separating various networks from one another. Having medical devices on one network and sensitive patient health information on a separate network will help ensure the security of protected patient health records.

New threats are constantly being developed by hackers and discovered by security teams, and all healthcare systems are likely to encounter some sort of cyber security breach. Medjacking is just another example of the potential security threats that are out there putting patient health information at risk of unauthorized disclosure.

Contact a Healthcare Cybersecurity Lawyer

Medjacking is a new, but very real, cybersecurity threat to health care systems. Revision Legal has worked with countless healthcare entities to manage their cyber security legal matters and we are ready and available to help you. Contact the experienced health care data breach lawyers at Revision Legal. Please feel free to reach out to us today. Contact us using the form on this page or call us at 855-473-8474.

Extra, Extra!
Recent Posts

2025 Changes to Trademark Fees

2025 Changes to Trademark Fees

Trademark

There are some significant changes coming to the United States Patent and Trademark Office (USPTO) that will affect trademark filings beginning January 18, 2025. These changes include the introduction of the Trademark Center, new fees, and revised application requirements. Here is an overview of the key changes: The USPTO will retire the TEAS system, which […]

Read more about 2025 Changes to Trademark Fees

Automated Decision-Making Technology: California Releases Proposed Regulations

Automated Decision-Making Technology: California Releases Proposed Regulations

Internet Law

In today’s competitive e-commerce landscape, automated decision-making technology is becoming more and more important. From personalized product recommendations to targeted advertising and streamlined logistics, these systems help ecommerce businesses adapt and grow. But new regulations are on the horizon, and these changes could reshape the way e-commerce businesses use automation. The California Privacy Protection Agency […]

Read more about Automated Decision-Making Technology: California Releases Proposed Regulations

FTC Adopts Final “Click to Cancel Rule”

FTC Adopts Final “Click to Cancel Rule”

Internet Law

The Federal Trade Commission (FTC) has issued final amendments to its trade regulation rule concerning negative option plans, also known as the “click to cancel rule.” This rule aims to address widespread deceptive practices that prohibit customers from cancelling services in the same manner in which they signed up. Here’s a detailed summary of the […]

Read more about FTC Adopts Final “Click to Cancel Rule”

Put Revision Legal on your side