Medigate, another of the seemingly endless stream of Israeli cybersecurity companies, has announced $5.35 million in seed funding. The funding has come from YL Ventures and Blumberg Capital. The company is focused on securing medical devices on healthcare provider networks. The money will enable it to further develop its own technology platform.
According to Jonathan Langer, Medigate CEO and co-founder: “It’s an imperative to connect devices to the network, both to manage and monitor devices in real time and to understand and analyze the large amounts of data generated from these devices. At the same time, we see backdoor attacks like MEDJACK and ransomware attacks like WannaCry and NotPetya successfully targeting healthcare providers.
“Connected devices are a ripe target for cybercriminals. The Medigate solution is designed to effectively protect medical devices from these attacks and eliminate this pandemic risk. We are truly ecstatic to have two leading global funds like YL Ventures and Blumberg Capital investing in Medigate.”
What is the Medigate platform?
Medigate is delivering a dedicated platform for securing medical devices that are connected to other networks. It claims that its platform will be the first to identify all medical devices connected to the network. To do this it has had to develop its own gateways to support all the different protocol and communication systems used by these devices. It will also combine this with knowledge of the class of device and what it is intended to do.
As part of its solution, Medigate will build a profile of each device. This allows it to determine what is normal behaviour for a device and what is out of band. The challenge will be how Medigate identifies when hackers have taken over a device. It is not unreasonable that a device could operate for a time within its accepted parameters.
However, those parameters might be dangerous to a patient. For example excessive amounts of drug being delivered. What is not clear is how Medigate will link clinical use of the device, device parameters and patient condition together.
It is also unclear as to whether Medigate will seek to validate any patches or updates to devices. One of the big challenges in the healthcare market is the lack of signed code. If Medigate intercepts all updates and runs a full security check before they can be applied, this would be a significant step forward.
Integration with other security and healthcare systems
For the Medigate solution to work effectively it needs to be able to integrate with other security and healthcare systems. It makes no sense for the company to reinvent penetration testing or end-user device security. Instead, as a platform, it needs to look at how it can integrate other security solutions to orchestrate a better security solution.
Part of the challenge will be securing the connection from other healthcare systems to medical devices. Reports of direct attacks on medical devices outside of proof of concepts is rare. However, attacks on other healthcare systems are commonplace. Medigate is seeking to secure that connection point. This should ensure that no malware can jump from one system to another.
Medigate doesn’t talk about encryption of the communication channels. That is disappointing. Encrypting the channels would take away another attack vector. It could be that this is something the company will seek to add after a future funding round.
What does this mean?
The world is awash with security solutions for end-user devices. Some are great, some are average and, as we are discovering, some are just smoke. The world of medical devices uses operating systems, processors and memory that cannot support many of these solutions. As a result, few of the mainstream security vendors have developed solutions for medical devices. Instead, they have lumped them in with non-IT connected devices. This means that the security is generalised rather than focused on the devices and their specific functions.
Medigate has set itself a complex task. This is its first funding round and it will be interesting to see how quickly it hits key proof points and secures additional funding. If it is successful one challenge it will face is staying independent. While security companies appear every day, the larger players have deep pockets and are always on the look-out for innovation.
There is a real need for what Medigate is claiming to offer. It’s move to create a platform rather than just a product focused solution makes sense. It gives it the room to integrate with other systems rather than reinvent everything itself. It will be interesting to see if it meets its self imposed delivery date of mid-2018 and how quickly it can attract customers.