IoT Cybersecurity Startup Landscape Part 2: Medical Devices

Image for post
Image for post
Source

State of the market

Security issues in healthcare

In a recent survey, researchers found that 82% of healthcare organizations have experienced a cyberattack focused on IoT devices, with 30% of those providers admitting that patient safety was compromised at some point. Cybersecurity breaches has many consequences, including operational downtime, data theft and reputational damage, and the mitigation of healthcare IoT cyberattacks are very costly — an average of $346,205 per attack.

It is imperative for global healthcare provider organizations to continue to improve their security approach to ensure protection of their whole networks and facilities. Examples of catastrophic cyber risks include distorting imagery devices to malfunctioning of pacemakers, potentially resulting in the loss of life.

Image for post
Image for post
Source

Healthcare providers are unprepared

Nowadays, ~48% of all hospital equipment is connected, and this number will reach 68% by 2023. Nevertheless, only 18.6% of organizations feel very prepared to address these security challenges and only 51% of medical device manufacturers follow FDA guidance to mitigate risks. According to Palo Alto Networks, over 83% of medical imaging devices run on unsupported Operating systems, which further exacerbates the problem.

Regulations

For instance, the FDA offers guidance addressing device security across the medical device product lifecycle. This has propelled many manufacturers to look at potential supply chain security issues, and medical device users to implement medical device cybersecurity solutions across the entire device lifecycle. The upcoming EU MDR Cybersecurity Requirement lays down new essential safety requirements for all medical devices to ensure that devices are secured from within, emphasizing the incorporation of security best-practices throughout the product lifecycle

What are the solutions offered by startups?

  • Identify & Detect: solutions that provide inventory and network monitoring, continuous identification and classification of all devices as well as detection of cyber attacks
  • Protect: solutions that secure data and network integrity, while limiting the impact of cybersecurity breaches and ensuring resilience of systems.
  • Audit & Compliance: solutions that help simplify regulatory compliance for healthcare organizations, while providing quality management to medical devices
  • Security services: solutions that provide healthcare providers and device manufacturers with software and services to secure medical devices throughout the device lifecycle
Image for post
Image for post

Some of the critical security capabilities for organizations to ensure effective IoT cybersecurity measures are in place include device visibility with network monitoring, improved overall security posture, response automation and orchestration and continuous exchange of contextual insights. Effective security protection would address the different stages of the medical device lifecycle, including the development procurement, deployment, operations and disposal of these devices.

Ending Remarks

As competition increases, we will increasingly observe a drop in the average sale price of cybersecurity solutions for medical devices. Profit margins will be reduced and smaller vendors will find it more challenging to compete. There will also be consolidation of the market in the upcoming years, as we’ve already seen so far. MedCrypt acquired MedISAO in Aug 2020 for its information sharing capabilities as well as their Software Bill of Materials tool to better serve device manufacturers. Alternately, Palo Alto Networks acquired Zingbox in Sept 2019 to expand its existing platform offerings for healthcare providers to gain more visibility into their connected devices at scale. This has helped these vendors expand their customer bases and offer new cross-selling opportunities.

In Part 3 of this four-article series, I’ll be covering the state of the critical infrastructure cybersecurity startup market.

Special thanks and shout-out to my colleague Ravi Mulugu, who provided me with insights to bring this piece together.

Disclaimer: This blog represents solely my own opinions, not my employer’s.

Investor at UL Ventures. LatinX. Salsa Dancer. VC Trends. A personal blog for the curious mind.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store