TL;DR: CyberMDX, founded in 2017, is paving the way in security for the Internet of Medical Things (IoMT) with a cloud-based solution built to identify endpoints and assess vulnerabilities. The company’s layered cybersecurity approach addresses device inventory, risk assessment, threat detection and response, and compliance. With a recent focus on Device-Centric Risk Management (DCRM), CyberMDX is furthering its mission to protect both healthcare delivery organizations and their patients.
Just when you thought the cybersecurity landscape couldn’t get any rockier, hackers are exploiting a new reservoir of private information — your medical records.
Healthcare databases are packed with patient information that cybercriminals covet, from Social Security numbers to credit card details and insurance policy numbers. They’re also a draw to malicious actors looking to hold highly sensitive patient data for ransom. Medical diagnoses, prescription information, immunization histories, and test results are all commonly stolen.
“In some cases, hackers are selling electronic medical records for almost twice the amount of stolen financial information,” said Ido Geffen, VP of Customer Experience at CyberMDX. “We’ve also seen a significant amount of ransomware in the last three years targeting medical devices, as hospitals tend to pay for those attacks.”
Securing the applications and medical devices that make up the Internet of Medical Things (IoMT) has become highly critical. Today’s connected healthcare technologies include everything from automated insulin delivery systems to wearable biosensors — and, if hijacked, could result in physical harm to patients.
CyberMDX is combatting increased activity in this space via a layered approach to protecting hospital server networks. The cloud-based cybersecurity solution is all-inclusive, covering device inventory, risk assessment, threat detection and response, and compliance.
Now deployed across the globe, CyberMDX’s solutions integrate seamlessly with existing hospital infrastructure, making it easier to protect healthcare delivery organizations and their patients.
Proactive Cyber Intelligence that Secures Critical Data
Ido has been with CyberMDX since its 2017 founding. Before joining the company, he held several positions at the Israeli Security Agency, including R&D Group Manager and Product Manager. He also served as a paramedic in the special elite combat engineering unit of the Israeli Engineering Corps.
“In 2015, we saw a surge in attacks on healthcare organizations, specifically hospitals,” Ido said. “It was happening here in Israel but also in the U.S. I think that year was the tipping point — once hospitals started adopting electrical medical record technology, all of a sudden there was this holy grail of exploitable data.”
CyberMDX was created in response to these types of attacks, which have only worsened in recent years. One of the largest attacks on a health system took place in 2018, when hackers stole personal medical data on 1.5 million patients of a Singapore-based network of public hospitals and clinics. Victims included Prime Minister Lee Hsien Loong.
“The attack went on for two months,” Ido said. “By the time it was discovered, they had already gained access to the electrical medical records of millions, almost a quarter of the country’s population.”
The healthcare industry is particularly vulnerable to attacks due to the sheer range of edge devices in an IoMT ecosystem.
“A large portion of connected devices in the healthcare industry are not the traditional devices IT organizations are familiar with — workstations, laptops, servers, and switches,” Ido said. “What we see today when we complete deployments, especially in the U.S., Canada, and Western Europe, is that more than 50% of the devices are unique to the health sector.”
Asset Management, Risk Assessment, and Preventative Action
The threat of nation-state actors, cybercriminals, and malicious insiders combined with the excess of managed and unmanaged healthcare devices makes for a dangerous situation in the healthcare industry.
That’s where CyberMDX comes in. The company empowers organizations to view and prioritize all device groups through one interface.
“Inventory management is a real issue today, both on-premise and in the cloud,” Ido said. “CISOs and IT managers don’t typically know how many connected devices are in their networks. We find there are usually 30% more devices than they were expecting.”
CyberMDX’s approach is to achieve 100% visibility of all of the connected devices in a network and then weave in a layer of protection around the network and perimeter. The company’s core software product can identify metadata on several important device metrics, including the manufacturer and model, serial number, media access control (MAC) and IP address, and operating system.
It also features real-time vulnerability and threat detection without requiring software installations on any medical device within the network.
“Organizations may have an overwhelming amount of security issues at first, but we engage and work with our customers in a unique way,” Ido said. “Our differentiators revolve around two major questions: Where should I start, and what should I do?”
Through research and risk analysis, CyberMDX guides customers on exactly where to start and how to proceed. “We work to identify and prioritize vulnerabilities on each device,” he said. “There are tons of vulnerabilities out there, but less than 50% have a real exploitation out in the wild.”
A Collaborative Onboarding Process
In addition to a proliferation of devices, most healthcare delivery organizations have numerous stakeholders that CyberMDX helps bring together.
“We don’t typically have one go-to person — the responsibility is shared between the information security personnel, biomedical engineers, and even vendors,” Ido said. “You might have an engineer who configures an MRI or anesthesia machine, and they need the IT personnel to connect those machines with devices.”
CyberMDX also helps compliance analysts meet regulatory requirements with multisystem data collection, ePHI tagging, automatic documentation and reporting, and actionable recommendations. The CyberMDX Control Center allows users from different departments and professional domains to access such information.
Of course, in addition to compliance, CyberMDX’s cloud-based technology covers asset inventory, risk assessment, incident response, and biomedical workflows in one comprehensive solution. The CyberMDX team has fine-tuned its interface over the years to appeal to each party’s different preferences.
“It’s not only the different groups of people but also their different personas,” Ido told us. “Some people are more comfortable working with SaaS solutions, others need to digest the data concisely and easily. It’s a challenge, but once you can connect all of those lakes, there’s this synergy that is pretty amazing to see.”
Device-Centric Risk Management (DCRM)
CyberMDX will be intensely focused on its Device-Centric Risk Management (DCRM) technology in the upcoming year. The technology takes a multilevel approach to mitigating cybersecurity risks, with protection around three main areas: the device, the network, and the perimeter.
“It’s a layered approach of defense, so if the first layer is breached, we have the second and the third,” Ido said. “In the end, even for hackers and nation-state actors, it’s a matter of cost-effectiveness. We want to make it so difficult and so costly that the return on investment is not there.”