A new version of Medjack, a malware program designed specifically to attack medical device, has been discovered, according to a Data Privacy + Security Insider report.
The new version, dubbed MedJack.3 by cybersecurity group TrapX, was found being used through an old malware spreader to attack medical devices connected to older operating systems, according to the report.
The group warned that any medical devices connected to old, unpatched operating systems are vulnerable to Medjack.3.
Earlier versions of the malware were designed to bypass security controls and use cybersecurity tools to install backdoors and spread within healthcare computer systems, according to the report.
In January, a US Department of Homeland Security official warned that medical devices will increasingly be the target of ransomware.
Threats to medical devices are expanding alongside the expansion of Internet of Things technology, according to DHS Industrial Control Systems Cyber Emergency Response Team director Marty Edwards.
“It’s only a matter of time before we see some sort of significant type of events that involve patient safety that are cyber enabled. here have been a lot of healthcare providers and hospitals that have fallen prey to ransomware,” Edwards said at the HIMSS 17 pre-conference symposium in Orlando, according to HealthDataManagement.
Edwards said that its just a matter of time before ransomware moves to embedded devices, and believes this could be the year that such devices get hit by something equivalent with the Stuxnet computer worm, which was credited with causing major damage to Iran’s nuclear program.