An In-Depth Look at The Medical Device Cybersecurity Startup Landscape
Health systems and hospitals face unprecedented cybersecurity challenges. In May 2016, 89% of healthcare organizations included in a study by the Ponemon Institute had experienced at least one data breach over the prior 24 month period. And, The U.S. Department of Health and Human Services Office for Civil Rights website indicates that health organizations—hospitals, health systems, medical centers, physician’s offices, and healthcare companies—have reported 449 data breaches in just the last 24 months.
In addition to worrying about data breaches, provider organizations need to think about attacks on their medical devices. Why? Because more and more medical devices are connected to the Internet. Connected medical devices offer many exciting benefits such as remote patient monitoring, automated dose adjustments, “smart” implants, and simpler imaging file transfers. But, they also create countless security problems.
The average bed in a U.S. hospital uses between 10 - 15 connected medical devices. These devices are a real threat to the health of the patient in each bed, the health of all of the patients in the hospital, and the hospital’s entire network. Just imagine if a connected device gets compromised and delivers a toxic dose of insulin or adds malignant-looking growths to a healthy CT scan—that would be a disaster. Now, imagine one of those scenarios happening with tens of thousands of medical devices—the damage would be catastrophic.
In response to these growing threats, several startups have created products to protect connected medical devices. And, in this article, you’ll get a look at the important work that they’re doing.
Building Better Security Into Medical Devices
67% of the medical device manufacturers who participated in a May 2017 study believed that hackers would attack at least one device they had built in the next 12 months. Just 17% of the device manufacturers included in that same study were “taking significant steps to prevent attacks.”
Connected medical device makers have a responsibility to protect their products from cyber threats. Yet, too many companies in the space haven’t prioritized security.
How do we know that manufacturers haven’t made security a priority? 39% of device manufacturers who participated in the study mentioned above said they could confirm that hackers had taken control of their products at some point.
To solve these problems and make medical devices safer, several companies have created tools that allow device makers to add security features to their products. Here’s a look at the most promising startups in this space:
MedCrypt makes it easy for medical device manufacturers to improve the data security of their products by encrypting and verifying their data with just a few lines of code. The startup also helps device makers meet the new FDA guidelines for cybersecurity by allowing them to use digital signatures, detect intrusions, and publish a Cybersecurity Bill of Materials.
Galen Data is a secure connectivity platform that allows medical device companies to connect to cloud data in a faster, less expensive way. With Galen Data, device manufacturers can connect their products to FDA-compliant data storage and analysis infrastructure using a web API and platform SDK. The company’s other tools simplify the processes of visualizing collected data, modeling how data is collected and stored, and setting up remote patient monitoring.
Nova Leah has created a cybersecurity compliance and risk analysis system for medical device manufacturers. Manufacturers use Nova Leah to analyze vulnerabilities across devices and at the specific device level, automate compliance reporting, create test plans, and more.
Cybeats is a security orchestration and monitoring tool and firmware lifecycle management system for smart buildings, enterprises, medical devices, and other IoT devices. It protects connected medical devices from attacks by detecting threats, “distributing updated firmware as needed”, and “monitoring device health.” Cybeats also offers to provide a Cybersecurity Bill of Materials to its customers.
Health Linkages bills itself as a “data provenance company.” While it hasn’t released many details about its technology, Health Linkages seems to secure data for medical devices, and health systems more broadly, using blockchain.
Monitoring Connected Medical Device Security At The Network Level
Medical device makers aren’t the only group with responsibility for preventing cyber attacks on their products. Health systems, hospitals, and other healthcare delivery organizations have to be accountable here as well.
Hospitals have tens of thousands of medical devices in their buildings, and most of them are connected to the Internet in some way. Each device presents an opportunity for a hacker to gain access to the entire hospital’s system, meaning an attack on one device presents a threat to every other device, computer, and server on the network.
Hospitals and care delivery organizations can’t afford to suffer large-scale medical device hacks. For that reason, many startups have emerged to help them track all of the devices on their networks and stop attacks in their tracks.
Cylera is an innovative startup in this space. It protects against medical device cybersecurity attacks by analyzing health systems’ and hospitals’ networks to identify and categorize the devices on them. With this information, it looks for vulnerabilities, identifies breaches, and protects against threats in a way that doesn’t interfere with device performance or patient health.
Cynerio is another startup that wants to secure connected medical devices by giving providers visibility into the devices that are on their networks, detecting anomalies, and stopping attacks. The company plans to accomplish these goals by constantly monitoring the behavior of providers’ connected medical devices.
CyberMDX is an Internet of Medical Things (IoMT) cybersecurity company with an interesting solution. Its product enables providers to discover and track the IoMT and IoT devices on their networks, assess each device and the overall network for risks, and contain threats from a centralized dashboard.
This sector has gotten quite crowded, and other startups in it that deserve an honorable mention include:
Zingbox develops IoT security solutions for healthcare organizations, enterprises, and manufacturers. It tracks all of the connected devices on providers’ networks, uses machine learning instead of “traditional endpoint security agents” to identify threats, and creates usage policies for different groups of devices.
Virta Labs allows providers’ IT and clinical engineering teams to track and identify medical devices on their networks, determine the risk to each device, share relevant data with other teams, and see the complete history for every connected device.
Medigate’s initial product started as a medical device security platform for health systems and hospitals. This solution gives administrators visibility into the connected devices on their clinical network, identifies threats, and “minimizes the device attack surface through clinical micro segmentation and tailored security policies.” Over the past year, it has expanded to provide a general IoT security product to enterprises.
MediTechSafe’s solution is similar to CyberMDX’s and Medigate’s products. It allows hospitals’ IT teams to track device inventory and connectivity, estimate the risk for each device on the network, create security control plans for each IoMT product, and report on their risk management efforts.
Armis is a general IoT security tool that also offers a passive, agentless IoMT solution to health systems and hospitals. It gives providers visibility into all of the connected devices on their networks and monitors these devices to detect vulnerabilities, identify threats, and stop attacks from spreading.
Senrio allows hospital IT teams to track and categorize all of the connected products—including phones, medical devices, computers, and servers—on their networks. While it’s not a tool built specifically for medical device security, Senrio users will know right away when a rogue device joins their network.
Medical Device Cybersecurity Startups Investor and Funding Landscape
You now have a better understanding of how different cybersecurity startups plan to protect medical devices from intrusions. But, to fully grasp the competitive landscape, you need to look at each company’s funding.
That’s why our team compiled the funding data and investor list for each startup mentioned in this piece. As you’ll see, several companies have raised tens of millions of dollars, and one company has secured more than one hundred million dollars in venture backing. Check out the Airtable database below to see how medical device cybersecurity startups stack up in terms of their funding: