Cybersecurity startup MedCrypt has attracted $750,000 in funding to develop solutions to protect healthcare IoT devices from cyberattacks. The seed financing was led by private equity firm Safeguard Scientifics of Philadelphia.
MedCrypt was formed in January 2016 and has been developing technology solutions that protect healthcare IoT devices from hackers. The firm is working on solutions that can be used to keep wireless implantable devices such as pacemakers protected from attack. Prototype security software has already been developed and the funding round is intended to pay for the prototype to be refined.
The prototype software will be demonstrated on a pilot project. The plan is to show how the software can be used to protect healthcare IoT devices and ensure that only authorized individuals are able to gain access to the software used to control the devices. The company expects to sell its software-as-a-service to a wide range of medical device manufacturers.
MedCrypt software is not intended to make devices unhackable. With enough funding, exploits can be found for any system. Instead, the purpose of the software is to make it financially impractical to hack medical devices. If hackers cannot realistically make money from hacking medical devices protected by MedCrypt software, they will look elsewhere for easier targets that are more lucrative to attack.
The software uses two methods to protect healthcare IoT devices from attack. It includes multi-factor authentication controls to ensure that only authorized individuals are able to gain access to the devices. The devices will also be encrypted. According to a statement released by MedCrypt, its software will “authenticate users, encrypt data, and cryptographically sign settings and patient prescriptions.”
The importance of protecting healthcare IoT devices has been highlighted recently. Device manufacturer St. Jude Medical has been accused of failing to protect some of its pacemakers and associated devices from hackers. Muddy Waters Capital was provided with data from cybersecurity firm MedSec, which appeared to show that the devices could be hacked.
While St. Jude Medical has denied vulnerabilities exist, the revelations – whether true or false – resulted in St. Jude stock prices falling. Muddy Waters claimed that it would take 2 years for the company to remediate the flaws in its devices, and that this would have a significant impact on company profits. Muddy Waters has been accused of disseminating false information to manipulate stock prices for profit. The incident shows that it is not only black hat hackers that are trying to find flaws in medical devices. If flaws exist, they will be discovered. Device manufacturers must therefore do all they can to ensure their devices are protected.