Will the next cyberattack be in the hospital?
Protecting hospital networks
In 2017, a ransomware attack called WannaCry targeted computers running Microsoft Windows. Although the hack was generic, in the UK it hit the country’s NHS-operated hospitals the hardest, forcing them to turn away patients and cancel some 19,000 appointments.
Staff had to use pen and paper and their own mobile devices after the attack affected key systems including telephones. The UK Department of Health estimated the damage at more than $100 million.
Hackers who get into a hospital’s computer systems via a medical device can also steal personal data that can be used later for identity theft. A group of hackers known as the Dark Overlord stole and then leaked the phone numbers and addresses of several Hollywood celebrities who were clients of a Beverly Hills, Calif. plastic surgeon.
Because there are so many possible medical devices with different vulnerabilities, creating cybersecurity patches specific for each would be an impossibly large task, Brodie tells ISRAEL21c. So Cynerio is working with hospitals’ IT departments to protect the network as a whole.
“We take the metadata – such as what types of messages are being uploaded – and do machine learning across the hospital, in order to understand the behavior of the facility in general,” Brodie explains. “We know that MRI machines don’t talk to patient monitors, for example.”
This kind of insight helps Cynerio guard against attacks while delivering a low number of false positives, he adds.
Cynerio uses the tools a hospital already has, such as firewalls and Network Access Controls, Brodie says. “Our main added value is the learning.”
Cynerio also educates hospital staffers who don’t always know how to use the tools they have and – because equipment can sometimes be purchased by individual departments rather than a central buying facility — may not even know how many medical devices they have at the facility.
Cynerio provides hospitals with visibility (which devices are communicating on the network); assessment (which devices are vulnerable); detection (identifying anomalies in real time within a medical context); and protection (improving security).
Because Cynerio’s tech is not attached to the equipment, it will not “interfere with the routine operations of the device in providing medical treatment,” Lerman adds.
What makes Cynerio unique
Brodie and Lerman launched Cynerio in 2017 in Ramat Gan outside Tel Aviv. The company’s cybersecurity software is now running at hospitals in Israel including Tel Aviv Sourasky Medical Center and Rambam Health Care Campus in Haifa.
The new financing from Accelmed, RDC and MTIP will allow Cynerio to expand to the United States and hire 10 people there. Lerman is moving to the US to head up the sales arm of the company.
Cynerio is not the only company providing cybersecurity to hospitals.
“A few generic IT solutions have shifted into healthcare,” Brodie points out. “Our uniqueness is that we’re not looking only at the medical devices but the entire ecosystem around them. Not just a specific patient monitor, but the servers that aggregate all the patient monitors in the hospital.”
We go to great lengths to seek out the top hospitals and health professionals. Keeping those facilities safe from hackers is the latest twist in the quest for top-notch medical care in the twenty-first century.
Brian Blum writes about startups, pharmaceutical advances, and scientific discoveries for Israel21c. This article is published courtesy of Israel21c.
