Israeli startup Medigate announced $5.35 million in seed funding for its mission to secure the use of the millions of connected medical devices on healthcare provider networks. Backing for the technology platform, which lets CISOs and security teams defend networked medical devices from cyberattacks, comes from YL Ventures, with participation from Blumberg Capital.
Healthcare providers today depend on nearly 100 million connected medical devices to deliver innovative, cost-effective and lifesaving treatment to patients, and the number of these connected devices is expected to double in the next 2-3 years. Unfortunately, the incidence of actual cyberattacks targeting healthcare providers is also skyrocketing. In fact, according to the Ponemon Institute, more than 90 percent of healthcare providers suffered at least one data breach in the last two years. Medical devices are already a target, as seen in attacks such as MEDJACK that started in 2015 and continues today. Existing and pending patient privacy and medical device regulations and FDA guidance raise the stakes even more.
IT and security operations teams must do more to protect both their organizations and their patients. Medigate was created to address these challenges.
According to Gartner Research analysts, “The possibility of cybersecurity threats intensifies exponentially as more medical devices utilize embedded software and firmware components and are connected to the internet, to healthcare networks and to other connected medical devices in a peer-to-peer fashion.”1
The Medigate solution is a dedicated platform for securing networked medical devices that are connected to electronic medical records, device servers, other enterprise systems and the internet. Medigate’s solution fuses the knowledge and understanding of medical workflow and device identity and protocols with the reality of today’s cybersecurity threats. Only Medigate can provide visibility into all the medical devices connected to the network, fully identify these devices by type and personality and analyze and understand their specialized protocols, communications and behaviors. By using this knowledge to detect anomalies and suspicious activities, Medigate protects connected medical devices from network attacks and data exfiltration attempts.
“Connected medical devices – from patient monitors, MRIs and CAT scanners to infusion pumps and yet-to-be invented devices — are critical to the delivery of healthcare today and are revolutionizing the care of tomorrow,” said Yoav Leitersdorf, managing partner at YL Ventures, which led the Medigate funding round. “These devices are inherently different from traditional IT endpoints and can’t be protected by currently available products and practices. With the pandemic of cyberattacks targeting healthcare providers, far too many connected devices are left vulnerable and exposed, putting patient health and privacy at risk. Medigate’s solution directly addresses this crucial problem by mitigating targeted attacks on medical devices.”
Today, organizations depend on existing cybersecurity products, such as general-purpose firewalls, as well as current IT best practices, to secure connected medical devices. However, because medical devices are different from other IT devices, these approaches fall dramatically short in effectiveness. Medical devices can’t be patched, updated online or actively managed with endpoint security software products. Existing firewalls fail to understand how these devices work and communicate, leaving them vulnerable to attacks over both typical network protocols and unique medical device protocols. And while device manufacturers will continue to deliver more secure devices, today’s secure device often becomes tomorrow’s risk when targeted by creative and determined attackers.
"Many within the healthcare community are struggling to keep up with medical device cybersecurity,” said Billy Rios, founder and CEO of WhiteScope and one of the industry's most respected experts on emerging threats to medical devices, software security, Industrial Control Systems (ICS) and critical infrastructure. “I'm happy to see innovative startups like Medigate investigating solutions for this space.”
According to a Forrester report authored by Senior Analyst Chris Sherman, "You have less control
over connected medical devices than any other aspect of your technology environment. Many times, vendors control patch and update cycles and vulnerabilities persist that require segmentation from your network. Considering that many of these devices are in direct contact with patients, this is a major cause for concern."
"Sophisticated cyberthreat actors are increasingly targeting the ubiquitous medical devices used by healthcare providers. Recent examples include attempts to extort money by paralyzing healthcare delivery, but soon, attackers may seek to directly harm patients. In parallel, the installed base of connected medical devices lacks effective defenses as they implement limited and hard-to-update security capabilities and have long service lives, " said Tom Baltis, CISO of Delta Dental Insurance Company. "Protecting these medical devices requires solutions that speak their proprietary or unique languages with native fluency and block attacks without disrupting critical care delivery.”
“Because it is not possible to effectively deploy endpoint security solutions and regular security patches to these devices, they significantly increase the exposure in my organization’s overall risk posture,” said Heath Renfrow, U.S. Army Medicine CISO. “A product like Medigate would add a much necessary layer of defense, significantly reducing the risk of medical device vulnerabilities to my networks.”
By delivering a dedicated medical device security platform, Medigate allows providers to more safely operate all medical devices on their network. Medigate discovers and secures existing and new devices, ensuring that these devices continue to deliver lifesaving treatments and protect patient confidentiality.
“The team at Medigate has the right vision to help organizations safely connect devices to their networks and protect against cyber risk. Protecting devices at a network level is the only way to ensure success. Medigate is defining and leading the market for connected medical device security,” Leitersdorf added.
Jonathan Langer, Medigate CEO and co-founder, explains that to be competitive in both care delivery and cost, today’s medical providers must be able to quickly and safely connect existing and new devices to their networks.
“It's an imperative to connect devices to the network, both to manage and monitor devices in real time and to understand and analyze the large amounts of data generated from these devices. At the same time, we see backdoor attacks like MEDJACK and ransomware attacks like WannaCry and NotPetya successfully targeting healthcare providers. Connected devices are a ripe target for cybercriminals,” said Langer. “The Medigate solution is designed to effectively protect medical devices from these attacks and eliminate this pandemic risk.”
The Medigate Security Platform is currently in limited availability to qualified customers. General availability will be in mid-2018. For more information, visit medigate.io.
1 Gartner, Top Three Security and Privacy Impacts of Connected Medical Devices on Healthcare Providers, 27 September 2017
2 Forrester Research, Inc., Healthcare's IoT Dilemma: Connected Medical Devices, 20 May 2016.See the latest posts on our homepage