A number of cyber security companies have expanded or adapted their systems to be used in healthcare - while some focus solely on medical devices
It’s become known as the Internet of Medical Things (IoMT) – and the rapid growth of connected medical devices has led to an increased need for healthcare companies to ensure their products are equipped with proper cyber security systems.
These devices are top targets for cyber criminals due to the sensitive nature, and valuable intellectual property, of the patient data they collect, store and share.
As well as stealing this data, cyber criminals can be intent on data destruction, which often takes the shape of ransomware – a type of malicious software preventing access to a computer system or data until a ransom fee is paid.
In the healthcare setting, this may also involve tampering with medical devices to seriously impact patient care.
Here we look at five companies that offer protection to medical devices against cyber-attackers.
Medical device cyber security companies
Whereas the other companies on this list provide cyber security for a range of industries, MedCrypt’s system is built specifically – and solely – for medical devices.
This means its highest priority is clinical functionality, and it claims to offer a healthcare-first approach that differs from most internet of things (IoT) solutions.
The US company secures a range of medical technologies, from pacemakers to surgical robots.
It also does this in accordance with US Food and Drug Administration (FDA) regulations, which state that cyber security should be integrated directly into devices rather than into a hospital’s own IoT network.
This also means its system is proactive – pre-emptively defending against security breaches rather than responding once a cyber-attack has already occurred.
MedCrypt claims its cyber security provides continued vulnerability monitoring long after it has been released, highlighting any potential weaknesses in a device.
The California-based company was founded in 2016, and has received a total of $8.4m across four separate funding rounds – most recently securing $5.3m in May 2019.
Zingbox, founded in 2014, is a US-based cyber security provider that offers AI-powered, automated solutions without needing to be installed on every device in a company’s IoT network.
Its IoT Guardian system analyses the typical activity of the thousands of devices in its repository to establish a baseline of normal behaviour.
This can then be used to spot abnormal activity that indicates a cyber-attack is occurring or has occurred.
It also provides security across the entire IoMT life cycle – from identifying a problem to optimising its performance, and finally retiring the device securely at the end of its lifespan.
In doing this, Zingbox hopes to use machine learning to provide “uninterrupted, quality patient care” in hospitals.
IoT Guardian has been deployed in 11.2 million medical devices worldwide. It is used in the University of Iowa’s hospitals and clinics, and by Texas-based healthcare centre United Regional.
Much like Zingbox, the Cybeats security platform operates by using an existing, trusted device profile to define the normal behaviour of a medical device – making abnormal activity more detectable.
But whereas traditional security systems respond by quarantining an infected device and preventing it from operating, Cybeats’ software identifies the exact root cause of the behavioural change in seconds.
This allows for the threat to be removed immediately, meaning there is no downtime where the device cannot be used.
Because connected devices being used in patient care must function continuously, this is especially important in hospitals.
Cybeats’ platform also means manufacturers can discover any security issues with a medical device during the development phase – before it even reaches a healthcare provider.
The Canadian start-up was co-founded in 2016 by Israeli IT experts Dmitry Raidman, Peter Pinsker and Vlad Kharbash, and secured its first significant funding round – totalling $3m – in December 2018.
US start-up Armis was founded in 2015, and provides “agentless” cyber security for medical device companies.
Agentless safeguarding is 100% passive, which Armis says is important because unmanaged IoT devices can’t host a cyber security agent.
It also removes the need to scan devices for threats and security breaches.
This is also beneficial as scanning can disrupt or even crash medical devices while they are in use – something healthcare providers can’t afford to happen.
Armis claims its software-as-a-service (SaaS) platform can be installed in minutes, and requires no network changes because it uses the same infrastructure that companies already have in place.
The start-up provides protection for a range of devices in the IoMT, such as infusion pumps, heart monitors, and MRI and X-ray machines.
Companies currently using Armis’ software include South Korean tech giant Samsung, US computer company Oracle and Irish pharmaceutical firm Allergan.
South Korean tech company Trustonic was founded in 2011, and has made a name for itself in protecting smartphones, wearables and other IoT devices – predominantly in the financial and automotive sectors.
Its Trustonic Secured Platform (TSP) is used to protect a range of mobile devices against cyber-attacks.
Through its work in protecting IoT innovations in particular, the company is gradually moving into protecting medical devices like Optolane’s smart diagnostic tool for analysing tissue samples.
TSP is used to keep the storage and transmission of sensitive patient data secure by encrypting it while it is being shared in the cloud.
It also ensures the sensitive data held by medical devices is fully protected in a secure, physically isolated environment known as a TEE (trusted execution environment).
Trustonic says TSP has been integrated into more than 1.7 billion devices across the world.