SAN MATEO, Calif. – February 9, 2017 – TrapX Security®, a global leader in advanced cybersecurity defense, today announced vice president of product strategy Anthony James will be speaking at RSA on the topic of vulnerabilities and attack strategies affecting today’s global healthcare institutions.
What: James will detail how a medical device at a hospital headquarters with ten member hospitals was compromised because the device was using an older operating system. James will explain how deception technology was used to identify an X-ray image viewer that the attacker compromised and used as a command and control center, enabling it to move laterally through the hospital’s network.
“The core payload exhibited new characteristics and increased sophistication we had not observed in previous medical-device hijack attacks,” said James. “First, the attacker’s tools had functionality for detecting virtual machines – they would not run under a virtual machine or sandbox environment. Second, the attacker’s tools utilized methods to prevent debugging, so the attack could not be easily analyzed.”
The attacker polled and inspected medical devices on the network every few hours seeking critical healthcare data, but only injected medical devices with old operating systems.
When: Thursday, February 16, 2017
8:00 a.m. – 8:45 a.m. PT
Where: Moscone South #308
747 Howard St, San Francisco, CA 94103
Background: Healthcare institutions are targeted by medical device hijacks on a regular basis. Examples of previous medical hijacks (Medjack) can be found in a report TrapX published in June, 2016. That report can be downloaded here: http://deceive.trapx.com/rs/929-JEW-675/images/AOA_Report_TrapX_MEDJACK.2.pdf. In a Medjack, attackers design specific malware tools with the goal of establishing a “back door” within a medical device. Once a connection has been made, the attacker’s agenda is typically to steal hospital data, which is quickly sold on the dark web. In this particular attack, deception technology installed on the hospital’s internal network used TrapX’s emulated medical device to attract, trap and engage attacker software tools.
Why Medical Devices?
Attackers are drawn to medical devices because they are highly vulnerable. Many use legacy operating systems that are missing key security enhancements. What’s more, there are no after-market security solutions; medical devices are closed systems and cannot be scanned easily. Because medical devices are expensive and have long lifecycles, it is difficult to throw them away and replace them. And medical devices must be serviced by the manufacturer; no one at a healthcare facility can remediate a cyber intrusion.
Interview Opportunities: There will be a media Q & A immediately following the discussion. Because space is limited, please RSVP to [email protected] to reserve a seat.