Perhaps nowhere does the internet of things present a more real risk than in the healthcare industry. With approximately 100 million (and growing) connected medical devices assisting in diagnosis and treatment, the IoT is crucial to healthcare—and is also frequently targeted by hackers.
The Ponemon Institute reported last year that over 90 percent of healthcare providers have experienced at least one data breach within the last two years. In an industry that depends on patient privacy and unhackable devices, this presents a significant problem.
Right now, healthcare organizations rely primarily on cybersecurity products like firewalls to secure devices, a practice that isn’t particularly effective because of the inherent differences between medical devices and other types of IoT products. For example, they frequently can’t be patched, updated via an online system, or managed with endpoint security. They offer less user control, leaving this information less protected.
There are developers currently designing security into medical device hardware, just as there are security experts working to build IoT databases and platforms that are harder for hackers to access. But are these measures enough?
An IoT Platform Designed for Medical Device Security
Enter Israeli startup, Medigate, which recently announced $5.35 million in seed funding for securing connected medical devices across provider networks. Medigate provides a medical device security platform that specifically seeks to secure networked medical devices connected to electronic records, servers, and enterprise systems and the internet. The funding comes from YL Ventures and Blumberg Capital.
According to Medigate, their platform protects medical devices by putting a medical device spin on familiar security tactics:
- Identifying devices on a network
- Characterizing present devices
- Monitoring devices for communications, protocols, and behaviors
By gathering and analyzing this information, the platform is able to more easily recognize when a device or network is compromised.
Yoav Leitersdorf, a managing partner at YL Ventures, which led the Medigate funding round said, “[Medical] devices are inherently different from traditional IT endpoints and can’t be protected by currently available products and practices. With the pandemic of cyber attacks targeting healthcare providers, far too many connected devices are left vulnerable and exposed, putting patient health and privacy at risk."
The Medigate team. Image courtesy of Johnathan Langer via Medium.
Medigate emphasizes that health care providers must be able to quickly and safely connect existing and new devices to networks due to the demands of the industry, but points out the danger of ransomware attacks like WannaCry, which successfully targeted healthcare systems.
Jonathan Langer, Medigate cofounder and CEO, says, “It’s an imperative to connect devices to the network, both to manage and monitor devices in real time and to understand and analyze the large amounts of data generated from these devices.” He continued, “Connected devices area ripe target for cybercriminals."
This is an especially worrying sentiment given the uptick in malware and ransomware attacks this year. If users are tempted to cave to hacker demands to protect their laptop data, imagine the damage that could be wrought by a campaign that holds medical data hostage. Worse, imagine the consequences if said medical data were irreparably damaged in the crossfire.
The creation and immediate support of such a company indicate a growing acknowledgment of how vulnerable healthcare data is, even as the amounts of data collected skyrockets over time.
Right now, the Medigate Security Platform is available to qualified customers, though it is limited. By mid-2018, it should be available to the public at large.