MedTech Terms
    The authoritative reference

    Two terms, side by side

    Pick any two terms to see definitions, context, pitfalls, and sources in parallel.

    Cybersecurity

    Medjacking

    In one line
    Compromise of a networked medical device to use it as a foothold inside a hospital network or to manipulate clinical function.
    Definition
    Medjacking - short for medical device hijacking - was popularized by the security firm TrapX in its 2015 'MEDJACK' report and the 2016 'MEDJACK.2' and 2017 'MEDJACK.3' follow-ups, which documented attackers using out-of-date, unmanaged medical devices (blood gas analyzers, PACS workstations, infusion pumps, imaging consoles) as long-lived footholds inside hospital networks. Because medical devices often run unsupported operating systems, are exempt from routine IT patching, and live on flat clinical networks, they make ideal pivot points: an attacker who lands on a CT console can move laterally to EHRs, billing systems, or other devices while evading the endpoint detection tools deployed on standard IT assets. Medjacking can also describe direct manipulation of the device's clinical function - changing infusion pump flow rates, ventilator settings, or imaging parameters.
    Why it matters
    Mitigation is shared between the manufacturer and the healthcare delivery organization. Manufacturers reduce the attack surface (no default credentials, signed updates, least-privilege services, current OS, MDS2 disclosure, SBOM + VEX). Hospitals isolate clinical networks, maintain a real-time medical-device asset inventory, monitor for anomalous behavior, and follow the MITRE/FDA response playbook when devices are suspected of compromise.
    Common pitfalls
    • Shipping devices on long-out-of-support operating systems with no patching pathway.
    • Assuming the hospital network is a trusted environment - it is not.
    • Omitting an MDS2 form and SBOM, leaving hospital security teams unable to assess exposure.
    • Treating medjacking as an IT problem rather than a joint manufacturer/operator responsibility.

    Why compare MedTech terms side by side?

    MedTech terminology is full of pairs that look interchangeable but carry very different regulatory, clinical, and commercial consequences. Picking the wrong framework, pathway, or standard early in a project can add months to a submission, invalidate clinical evidence, or trigger an audit finding. Side-by-side comparison is the fastest way to surface those differences before they become costly mistakes.

    Each comparison on this page pulls from the same vendor-neutral, sourced definitions used throughout the MedTech Terms glossary. You see the one-line summary, the formal definition, why it matters in practice, common pitfalls, and the primary sources (FDA guidance, EU MDR/IVDR articles, ISO/IEC standards, MDCG documents, IMDRF principles) that back each entry. That makes the comparison defensible in regulatory strategy memos, design reviews, and submission narratives.

    How to use this tool

    Pick term A and term B from the dropdowns, or click a preset above. The URL updates with both slugs so you can bookmark or share the exact comparison with a colleague, a notified body reviewer, or your regulatory consultant. Click Open full page on either side for the complete entry, including FAQs, related terms, and the full citation list. If you are not sure which term to start with, browse the Categories view or the A-Z index.

    MedTech Terms is a vendor-neutral community resource sponsored by Blue Goat Cyber. Definitions are written for educational use and are not legal or regulatory advice.