Topic: Medical Device Cyber-Vulnerability Casts A Cloud Over Growing Use
The attack surface of healthcare in the cybersecurity realm is forecast to explode in size in the next few years, in large part due to the proliferation of internet-attached medical devices.
The Global Internet of Medical Things market is expected to grow at a compound annual growth rate of 18.5% from 2021 to 2027 to reach $284.5 billion by 2027, according to UnivDatos Market Insights. A rise in connected medical devices and the emergence of new technologies is resulting in the growth of the market.
MedCrypt is a San Diego-based company that provides proactive security for healthcare technology. MedCrypt’s platform brings core cybersecurity features to medical devices with a few lines of code, to ensure devices are secure by design. MedCrypt announced a $5.3 million Series A funding round in May of 2019, bringing the total funds raised to $9.4 million with participation from Eniac Ventures, Section 32, Y Combinator, and others.
Recently, Seth Carmody, PhD, vice president of regulatory strategy at MedCrypt, answered questions from HealthLeaders about the connected medical device security threat.
HealthLeaders: Carrots and sticks seem to be the only tools the government possesses to improve digital security in healthcare. Is there a third way?
Seth Carmody: There have been a few attempts to incentivize security, but the incentive is fine-based and focuses, not on security debt relief, but on the management of the risk that security debt brings. Governments and regulators need to continue to provide sticks and carrots like the IoT Cybersecurity Improvement Act of 2020 and FDA (U.S. Food & Drug Administration). The FDA’s Postmarket Cybersecurity Guidance (December 2016) incentivizes medical device vendors to participate in cyber-risk information sharing through a variety of ways, such as through Medical Device Information Sharing Analysis Organizations (ISAOs).
These types of incentives will drive healthcare to build technology securely, but because their domain is healthcare, efforts will be expensive and may fall short. Therefore, it’s necessary for the tech sector to lead a “shift left” movement and provide seamless, secure by design, out-of-the-box technology that healthcare can use to build their innovative healthcare products.
Topic Discussed: Medical Device Cyber-Vulnerability Casts A Cloud Over Growing Use