Medjacking is a Real Threat to Health Care Systems featured image

Medjacking is a Real Threat to Health Care Systems

by John DiGiacomo

Partner

Cyber Security Data Breach

Medjacking, or medical device hijacking, is a new kind of cybersecurity threat to health care systems. Medjacking involves hacking into medical devices using backdoors to access software on the device. Since many of the vulnerable medical devices, such as life-support equipment and diagnostic equipment, use older or standard operating systems, the biggest challenge for a hacker is getting the digital tools needed to hack these devices onto the devices themselves at the start. Using infected emails, or malware containing memory sticks, hackers gain access to vulnerable medical devices.  

Gaining access to a single medical device in a healthcare system often provides a hacker with access to an entire network of devices and equipment, all while the healthcare system is none the wiser. Once inside a healthcare system, a hacker can gain unauthorized access to a wealth of patient information and protected health data. There have been several confirmed cases in which a medical device or piece of equipment in a healthcare system was infected with malware for the purpose of gaining access to more valuable information in a different part of the system.

Addressing Vulnerabilities in Medical Devices

To date there has been little headway in terms of addressing cybersecurity vulnerabilities in medical devices. Many medical devices are wireless, or connected to the internet, which make them particularly attractive targets for hackers. While the Food and Drug Administration (FDA) does provide feedback concerning cybersecurity vulnerabilities of medical devices that are seeking FDA approval, the FDA’s feedback is merely advisory in nature. Companies are still permitted to sell devices that the FDA has expressed concern about in terms of cybersecurity vulnerabilities. Fortunately, the FDA recently introduced new guidance concerning the security of medical devices. Medical device and equipment companies could take steps to secure backdoors in the device software.

What Can Be Done to Mitigate Medjacking Risk?

Currently the best approach for avoiding cybersecurity risks posed by vulnerable medical devices is to use devices that have a high cybersecurity standard and the best security features. A device that has an encrypted transmission feature is far safer than a device that does not. Healthcare systems could also promote cybersecurity by separating various networks from one another. Having medical devices on one network and sensitive patient health information on a separate network will help ensure the security of protected patient health records.

New threats are constantly being developed by hackers and discovered by security teams, and all healthcare systems are likely to encounter some sort of cyber security breach. Medjacking is just another example of the potential security threats that are out there putting patient health information at risk of unauthorized disclosure.

Contact a Healthcare Cybersecurity Lawyer

Medjacking is a new, but very real, cybersecurity threat to health care systems. Revision Legal has worked with countless healthcare entities to manage their cyber security legal matters and we are ready and available to help you. Contact the experienced health care data breach lawyers at Revision Legal. Please feel free to reach out to us today. Contact us using the form on this page or call us at 855-473-8474.

Extra, Extra!
Recent Posts

FTC Adopts Final “Click to Cancel Rule”

FTC Adopts Final “Click to Cancel Rule”

Internet Law

The Federal Trade Commission (FTC) has issued final amendments to its trade regulation rule concerning negative option plans, also known as the “click to cancel rule.” This rule aims to address widespread deceptive practices that prohibit customers from cancelling services in the same manner in which they signed up. Here’s a detailed summary of the […]

Read more about FTC Adopts Final “Click to Cancel Rule”

Understanding Product Liability Law for Ecommerce Merchants

Understanding Product Liability Law for Ecommerce Merchants

Internet Law

Introduction Being an ecommerce merchant is hard; you have to keep an eye on your advertising spend, control your inventory, and make sure your customers are happy. Additionally, you also have to navigate a complex landscape of legal responsibilities. One of these areas, which is often overlooked, is product liability. Product liability law holds manufacturers, […]

Read more about Understanding Product Liability Law for Ecommerce Merchants

Understanding the Role of Internet Privacy Attorneys: Key Issues They Handle

Understanding the Role of Internet Privacy Attorneys: Key Issues They Handle

Internet Law

Introduction In our increasingly digital world, the significance of internet privacy is paramount. Internet privacy attorneys are essential in safeguarding the rights of individuals and organizations against various privacy-related challenges. This blog post delves into the key issues these attorneys address. Data Breaches and Cybersecurity Data breaches occur when sensitive information is accessed or disclosed […]

Read more about Understanding the Role of Internet Privacy Attorneys: Key Issues They Handle

Put Revision Legal on your side