
    Medjacking

    Compromise of a networked medical device to use it as a foothold inside a hospital network or to manipulate clinical function.

    Reviewed by Christian Espinosa, Founder, Blue Goat Cyber. Last reviewed May 5, 2026.

    Definition

    Medjacking - short for medical device hijacking - was popularized by the security firm TrapX in its 2015 'MEDJACK' report and the 2016 'MEDJACK.2' and 2017 'MEDJACK.3' follow-ups, which documented attackers using out-of-date, unmanaged medical devices (blood gas analyzers, PACS workstations, infusion pumps, imaging consoles) as long-lived footholds inside hospital networks. Because medical devices often run unsupported operating systems, are exempt from routine IT patching, and live on flat clinical networks, they make ideal pivot points: an attacker who lands on a CT console can move laterally to EHRs, billing systems, or other devices while evading the endpoint detection tools deployed on standard IT assets. Medjacking can also describe direct manipulation of the device's clinical function - changing infusion pump flow rates, ventilator settings, or imaging parameters.

    What the regulation says

    FDA's 2023 premarket cybersecurity guidance and Section 524B of the FD&C Act push manufacturers to ship devices that resist medjacking by design: hardened OS configurations, signed firmware, network segmentation guidance for operators, coordinated vulnerability disclosure, and a postmarket plan to patch vulnerabilities throughout the supported lifetime. CISA and HHS HC3 publish operator-side guidance (network segmentation, asset inventory, clinical-network monitoring) aligned with the NIST Cybersecurity Framework and the HSCC Joint Security Plan. The FDA-led Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook (MITRE, updated 2022) is the reference response framework when a medjacking-style incident occurs.

    What this means in practice

    Mitigation is shared between the manufacturer and the healthcare delivery organization. Manufacturers reduce the attack surface (no default credentials, signed updates, least-privilege services, current OS, MDS2 disclosure, SBOM + VEX). Hospitals isolate clinical networks, maintain a real-time medical-device asset inventory, monitor for anomalous behavior, and follow the MITRE/FDA response playbook when devices are suspected of compromise.
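
    One way an operator could combine the asset inventory and clinical-network monitoring described above, as an added example that is not from the original entry or any vendor tool. The addresses, device roles, ports and allowlists are constructed for illustration.

```python
"""Flag device-initiated flows that fall outside an inventory-driven allowlist."""
import ipaddress
from dataclasses import dataclass

# Constructed values (assumptions): clinical subnet and per-device allowlists.
CLINICAL_NET = ipaddress.ip_network("10.20.1.0/24")
INVENTORY = {
    "10.20.1.15": {"role": "ct-console",
                   "allowed": [("10.20.5.10/32", 104)]},   # DICOM to PACS
    "10.20.1.40": {"role": "infusion-pump",
                   "allowed": [("10.20.6.5/32", 443)]},    # pump gateway
}
# Constructed flow records: (source, destination, destination port).
FLOWS = [
    ("10.20.1.15", "10.20.5.10", 104),   # expected image transfer
    ("10.20.1.15", "10.30.2.7", 445),    # CT console reaching a billing host
    ("10.20.1.40", "10.20.6.5", 443),    # expected pump telemetry
    ("10.20.1.40", "10.20.1.15", 3389),  # device-to-device remote desktop
    ("10.20.1.99", "10.20.5.10", 104),   # clinical host missing from inventory
    ("10.30.2.7", "10.20.1.15", 104),    # not device-initiated, skipped here
]

@dataclass(frozen=True)
class Alert:
    kind: str
    src: str
    dst: str
    port: int

def is_allowed(entry, dst, port):
    """True if (dst, port) matches one of the device's allowlisted peers."""
    addr = ipaddress.ip_address(dst)
    return any(addr in ipaddress.ip_network(net) and port == p
               for net, p in entry["allowed"])

def review_flows(flows, inventory=INVENTORY, clinical_net=CLINICAL_NET):
    """Return alerts for unknown clinical hosts and off-allowlist peers."""
    alerts = []
    for src, dst, port in flows:
        if ipaddress.ip_address(src) not in clinical_net:
            continue  # only traffic originating on the clinical subnet
        entry = inventory.get(src)
        if entry is None:
            alerts.append(Alert("unknown-device", src, dst, port))
        elif not is_allowed(entry, dst, port):
            alerts.append(Alert("unexpected-peer", src, dst, port))
    return alerts

if __name__ == "__main__":
    for alert in review_flows(FLOWS):
        print(alert)
```

    The unknown-device alert doubles as an inventory check: any host on the clinical subnet that the inventory cannot name is itself a finding.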

    Common pitfalls

    • Shipping devices on long-out-of-support operating systems with no patching pathway.
    • Assuming the hospital network is a trusted environment - it is not.
    • Omitting an MDS2 form and SBOM, leaving hospital security teams unable to assess exposure.
    • Treating medjacking as an IT problem rather than a joint manufacturer/operator responsibility.

    Frequently asked questions

    It was coined by the security firm TrapX in its 2015 'Anatomy of an Attack: Medical Device Hijack (MEDJACK)' report, which documented attackers using compromised medical devices as persistent footholds in hospital networks, with follow-up MEDJACK.2 (2016) and MEDJACK.3 (2017) reports.

    Primary references

    1. TrapX 'MEDJACK' Report (2015) - archived overview. Healthcare IT News, healthcareitnews.com
    2. TrapX MEDJACK.2 (2016) coverage. Dark Reading, darkreading.com
    3. Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook (MITRE, 2022). MITRE, mitre.org
    4. HHS HC3 Threat Briefs - Medical Device Security. HHS HC3, hhs.gov
    5. FDA Cybersecurity Guidance (Sept 2023). FDA, fda.gov
