CybersecurityWill the next cyberattack be in the hospital?

By Brian Blum

Published 16 May 2019

You may not think of hackers targeting hospitals, but this is where our wired world may be most vulnerable, and the results could be deadly. Israeli startup Cynerio aims to stop hackers from targeting medical devices, a potent new danger in our connected world.

What’s your stereotype of a hacker: a malicious millennial intent on hijacking your computer, deleting your files and demanding a ransom? A corporate criminal stealing sensitive data from Sony or Yahoo? Or a rogue programmer attacking connected cars and electrical, water and telecommunications grids?

You may not think of hackers targeting hospitals, but this is where our wired world may be most vulnerable, and the results could be deadly.

Most medical devices such as drug-infusion monitors, kidney-dialysis units and ventilators were built when Internet connectivity was still new and IT professionals never imagined a hacker could change the drip rate in an IV or stop an ICU patient’s breathing machine.

That chilling prospect was at least one of the reasons why Israeli startup Cynerio was able to raise $7 million for its technology designed to protect medical devices from cyberattacks.

“Every cyber company has two elements,” Daniel Brodie, Cynerio’s CTO, tells ISRAEL21c. “There’s a bit of the fear story – what would the worst-case scenario look like – as well as a real business ability to provide solutions for customers.”

Cynerio addresses what’s become known as the “Internet of Medical Things” – a play on words for the better-known “Internet of Things” which describes devices such as smart refrigerators and thermostats that are Internet-connected.

Zion Market Research estimates that the global market for the Internet of Medical Things is growing 11 percent a year and could reach $14.7 billion by 2022.

The benefits of smart medical devices are clear. They’re “good for doctors [who] can make decisions based on real-time data,” explains Cynerio CEO Leon Lerman.

Consider a hospital’s radiology department, for example. When a patient is admitted to the hospital, a new digital record is created in the main computer system. If the patient is subsequently sent for a CT scan, the patient’s information is already queued up. The results of the scan are automatically sent to the hospital’s imaging server, which later updates the patient’s EMR (electronic medical record).

That makes for efficient medical care, but a determined hacker could enter at multiple points in the process. “These systems are not secure,” Lerman laments, “and a large number of these devices are operated by old systems and don’t even have anti-virus installed.”