Security Risks in Medical IoT Devices – MEDJACK Malware Review


Devices on the Internet of Things are a weak point in many networks. Too often, they have outdated operating systems and poor security protection. IT administrators can’t get at their internals. Deploying insecure devices in healthcare systems can produce especially damaging consequences.

Security Risks in Medical IoT Devices

Health-related data is a prime target, and the legal penalties for failing to protect personal health information are severe. An infected device may not function properly, putting patients’ health and even lives at risk.

Current risks of medical IoT devices:

    • With the number of IoT devices growing from millions to hundreds of millions, centralized processes cannot scale.
    • Current processes are vulnerable to a variety of threats.

Attacks on devices through MEDJACK

The MEDJACK attack provides a case in point. It’s a set of malware tools that target medical devices. MEDJACK takes advantage of weaknesses in older operating systems which are embedded in devices. They include Windows XP, 2000, and Server 2003, as well as some Linux distributions. It has gone through several revisions, each time devising new ways to bypass defenses.

It follows the “command and control” model, where it installs malware in a device which then sends data to a server that belongs to the attacker. The aim is to exfiltrate confidential data on the patient or the provider. Such data has high resale value. The devices serve as a pivot point from which the malware can reach other systems on the network.

The difficulties in defending against MEDJACK

Several factors make it difficult to detect and defend against these attacks. The devices are usually black boxes to the IT department. There often is no way to connect a console to them. Installing anti-malware software is difficult. Even if there is a way to do it, it may be inadvisable, since it would modify the behavior of an FDA-certified device. If a desktop computer stops running properly because of security software, it’s a nuisance that can be fixed. If a lifesaving device has the same problem, the consequences could be much worse.

As a result, the IT department is dependent on the manufacturer to issue security patches. Some manufacturers are slow at this. Some are reluctant to update certified devices, even though the FDA has issued guidelines stating that security patches don’t require re-certification of the device.

TrapX report – a case of malicious penetration

TrapX’s report, “Anatomy of an Attack,” describes three breaches that resulted from MEDJACK. They are similar in many ways, and a detailed look at the first will be informative.

A hospital, not named in the study, experienced several security alerts. The point of penetration was three blood gas analyzers, which had been breached in separate attacks. They had set up backdoors in the local network and were sending hospital data to a server in Europe. The amount of data stolen is uncertain, but there clearly was a breach.

After gaining a foothold in the devices, the attack used malware such as Zeus and Citadel to find passwords to other systems. The devices stored their data without encryption, simplifying the acquisition of confidential information.

Blood gas analyzers are used for critical treatment. They can’t simply be pulled out of service. Remedying the malware problem, even when it is known, is a difficult task.

The hospital had respectable network security. It had a firewall, heuristic intrusion detection, endpoint security, and antivirus software. These were insufficient to prevent intrusion because the devices had antiquated operating systems and because it was impossible to install security software on them.

TrapX concluded that the attackers could have not only stolen data but also modified internal data. While the report doesn’t indicate that malicious modifications occurred, a similar attack could make devices produce false data on patients. That could lead to deadly errors in treatment.

Benefits of blockchain integration

Manufacturers using enabled blockchains can construct authorization/authentication databases. The QBRICS enterprise platform presents a unique example of an integrated blockchain solution. QBRICS proposes that authorization/authentication databases be propagated downstream to read-only, permissioned blockchain databases using proprietary transmission protocols. A plugin provided by the blockchain platform on IoT devices would then authenticate against the most proximate database. Fully deployed, relevant data from inventory, operational analytics (usage), and marketing would be readily accessible for consumption by business intelligence tools. The complete solution would provide:

    • No rogue devices (stolen devices, unauthorized vendors, etc.)
    • Near-universal availability of device information (including software and hardware)
    • Device movement and location information
    • Device usage information
    • Easier device software upgrades (as targets are easily identified, maintenance becomes easier)


As this case shows, IoT-based attacks are difficult to prevent and detect. Several actions, however, can reduce the risk:

    • Take security features into account when selecting devices, when information on them is available.
    • Keep IoT devices on a separate subnetwork which doesn’t have access to critical information.
    • Use firewalls to strictly limit inbound and outbound access to IoT devices.
    • Run frequent security scans for any signs of infection.
    • Doing without the devices is rarely an option. The only alternative is to give extra attention to their security.
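The segmentation, egress-filtering and scanning advice above can be checked against firewall flow logs. The following is an added example, not code from the article or from TrapX: it assumes a constructed log format and made-up addresses (device subnet 10.20.0.0/24, critical-data subnet 10.10.0.0/24, one permitted lab-results collector at 10.10.0.5:443) and flags device-initiated flows that leave the hospital address space (the command-and-control pattern seen with the blood gas analyzers) or reach toward the critical-data subnet (the pivot behaviour).

```python
"""Egress/lateral-movement check for a segregated medical-device subnet.

Added example, not from the original article or TrapX. Log format and all
addresses are constructed for illustration.
"""
import ipaddress

DEVICE_NET = ipaddress.ip_network("10.20.0.0/24")     # assumed medical IoT subnet
CRITICAL_NET = ipaddress.ip_network("10.10.0.0/24")   # assumed subnet holding patient records
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed hospital address space
ALLOWED_DESTS = {("10.10.0.5", 443)}                  # assumed results collector, HTTPS only

# Constructed sample flow log: "<time> <src>:<sport> -> <dst>:<dport> <action>"
SAMPLE_LOG = """\
2019-01-01T10:00:01 10.20.0.17:51002 -> 10.10.0.5:443 ALLOW
2019-01-01T10:00:07 10.20.0.17:51003 -> 203.0.113.44:443 ALLOW
2019-01-01T10:00:09 10.20.0.23:40011 -> 10.10.0.9:445 ALLOW
2019-01-01T10:00:12 10.10.0.5:8080 -> 10.20.0.17:80 ALLOW
2019-01-01T10:00:15 10.20.0.23:40012 -> 198.51.100.7:8080 DENY
"""

def parse_line(line):
    """Split one constructed log line into (src_ip, dst_ip, dst_port, action)."""
    _ts, src, _arrow, dst, action = line.split()
    src_ip, _sport = src.rsplit(":", 1)
    dst_ip, dport = dst.rsplit(":", 1)
    return src_ip, dst_ip, int(dport), action

def classify(src_ip, dst_ip, dport):
    """Label a device-initiated flow that breaks the segmentation policy, else None."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    if src not in DEVICE_NET:
        return None                       # only device-originated traffic is scored
    if (dst_ip, dport) in ALLOWED_DESTS:
        return None                       # the one sanctioned data path
    if not any(dst in net for net in INTERNAL_NETS):
        return "egress-to-external"       # C2 / exfiltration candidate
    if dst in CRITICAL_NET:
        return "lateral-to-critical"      # pivot toward systems holding patient data
    return "unexpected-destination"

def find_alerts(log_text):
    """Return (src, dst, dport, action, label) for each policy-violating flow.

    DENY entries are reported too: a blocked attempt is still a sign of infection.
    """
    alerts = []
    for line in filter(str.strip, log_text.splitlines()):
        src_ip, dst_ip, dport, action = parse_line(line)
        label = classify(src_ip, dst_ip, dport)
        if label:
            alerts.append((src_ip, dst_ip, dport, action, label))
    return alerts
```

Feeding the sample log in yields three alerts: two devices talking to external hosts (one of them already denied by the firewall, which is itself worth investigating) and one device opening SMB toward the critical-data subnet.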