Medjack is a form of malware that was specifically developed to attack medical devices, such as heart monitors, CT and MRI machines, insulin pumps and PAC systems.
Medjack has been in existence since 2015, and Medjack.2 came on the scene in the summer of 2016. Medjack.2 was able to bypass security controls and use cybersecurity tools to install backdoors and move within a healthcare system without notice.
Security researchers at TrapX have now discovered a third version of Medjack, dubbed Medjack.3, which hackers are using an old malware spreader to attack medical devices that are connected to older operating systems.
The conclusion is that any medical device that is connected to an old unpatched operating system is vulnerable to Medjack.3 and will accept the malware without detection. These systems include Windows XP and Windows 2003, 2008, and 2012. TrapX is warning healthcare providers that are using older operating systems that Medjack.3 may already have infected the networks and therefore, any medical devices connected to them.
Health care providers may wish to determine whether Medjack.3 is affecting their networks, and therefore, any medical devices connected to them.