Israeli startup Medigate today announced $5.35 million in seed funding for its mission to secure the use of the millions of connected medical devices on healthcare provider networks. Backing for the technology platform, which lets CISOs and security teams defend networked medical devices from cyberattacks, comes from YL Ventures, with additional funding from Blumberg Capital.
The Medigate team
Cybersecurity threats to healthcare providers under attack
Healthcare providers today depend on nearly 100 million connected medical devices to deliver innovative, cost-effective and lifesaving treatment to patients, and the number of these connected devices is expected to double in the next 2-3 years. Unfortunately, the incidence of actual cyberattacks targeting healthcare providers is also skyrocketing. In fact, according to the Ponemon Institute, more than 90 percent of healthcare providers suffered at least one data breach in the last two years.
Medical devices are already a target, as seen in attacks such as MEDJACK that started in 2015 and continues today. Existing and pending patient privacy and medical device regulations and FDA guidance raise the stakes even more.
The Medigate medical device security platform
The Medigate solution is a dedicated platform for securing networked medical devices that are connected to electronic medical records, device servers, other enterprise systems and the internet. It fuses the knowledge and understanding of medical workflow and device identity and protocols with the reality of today’s cybersecurity threats.
Medigate can provide visibility into all the medical devices connected to the network, identify these devices by type and personality and analyze and understand their specialized protocols, communications and behaviors. By using this knowledge to detect anomalies and suspicious activities, Medigate protects connected medical devices from network attacks and data exfiltration attempts.
“Connected medical devices – from patient monitors, MRIs and CAT scanners to infusion pumps and yet-to-be invented devices — are critical to the delivery of healthcare today and are revolutionizing the care of tomorrow,” said Yoav Leitersdorf, managing partner at YL Ventures, which led the Medigate funding round. “These devices are inherently different from traditional IT endpoints and can’t be protected by currently available products and practices. With the pandemic of cyberattacks targeting healthcare providers, far too many connected devices are left vulnerable and exposed, putting patient health and privacy at risk. Medigate’s solution directly addresses this crucial problem by mitigating targeted attacks on medical devices.”
Challenges of protecting medical devices
Today, organizations depend on existing cybersecurity products, such as general-purpose firewalls, as well as current IT best practices, to secure connected medical devices. However, because medical devices are different from other IT devices, these approaches fall dramatically short in effectiveness.
Medical devices can’t be patched, updated online or actively managed with endpoint security software products. Existing firewalls fail to understand how these devices work and communicate, leaving them vulnerable to attacks over both typical network protocols and unique medical device protocols. And while device manufacturers will continue to deliver more secure devices, today’s secure device often becomes tomorrow’s risk when targeted by creative and determined attackers.
According to a Forrester report authored by Senior Analyst Chris Sherman, “You have less control over connected medical devices than any other aspect of your technology environment. Many times, vendors control patch and update cycles and vulnerabilities persist that require segmentation from your network. Considering that many of these devices are in direct contact with patients, this is a major cause for concern.”
“Because it is not possible to effectively deploy endpoint security solutions and regular security patches to these devices, they significantly increase the exposure in my organization’s overall risk posture,” said Heath Renfrow, U.S. Army Medicine CISO. “A product like Medigate would add a much necessary layer of defense, significantly reducing the risk of medical device vulnerabilities to my networks.”
By delivering a dedicated medical device security platform, Medigate allows providers to more safely operate all medical devices on their network. Medigate discovers and secures existing and new devices, ensuring that these devices continue to deliver lifesaving treatments and protect patient confidentiality.
“The team at Medigate has the right vision to help organizations safely connect devices to their networks and protect against cyber risk. Protecting devices at a network level is the only way to ensure success. Medigate is defining and leading the market for connected medical device security,” Leitersdorf added.
Jonathan Langer, Medigate CEO and co-founder, explains that to be competitive in both care delivery and cost, today’s medical providers must be able to quickly and safely connect existing and new devices to their networks.
“It’s an imperative to connect devices to the network, both to manage and monitor devices in real time and to understand and analyze the large amounts of data generated from these devices. At the same time, we see backdoor attacks like MEDJACK and ransomware attacks like WannaCry and NotPetya successfully targeting healthcare providers. Connected devices are a ripe target for cybercriminals,” said Langer.
The Medigate Security Platform is currently in limited availability to qualified customers. General availability will be in mid-2018.