Software firm MedCrypt Inc. of San Diego says it wants to help medical device vendors “build security features into their devices before they ship, and win market share as a result.”
Now the upstart is strengthening its platform with the acquisition of cybersecurity information-sharing and analysis firm MedISAO in Irvine.
Terms of the deal, announced this month, were undisclosed. MedCrypt raised $5.3 million in a Series A round last year.
“It can take anywhere from six months to a year for a new medical device to get its 510(k) clearance from the FDA,” MedCrypt Chief Executive Mike Kijewski said. “Our goal is to help device manufacturers meet the requirements from the FDA’s premarket and postmarket cybersecurity guidances, and MedISAO’s information sharing organization and software bill of materials tool helps us do just that.
“Together, we’re helping manufacturers bring critical medical devices to market more quickly, reliably, and safely.”
Device Focus
MedISAO is one of three information-sharing organizations that focus on the medical device sector. The organizations came about as a result of Food and Drug Administration recommendations—first issued in 2014—that medical device manufacturers manage and monitor postmarket cybersecurity vulnerabilities.
Its tools focus on helping device makers and other healthcare companies maintain compliance for the products after market approval.
MedISAO founder Daniel Beard will join MedCrypt and help the company integrate MedISAO’s threat assessment and vulnerability database and software ledger generation tool into its platform.
Beard is a University of California-Irvine computer science alum and also serves as the chief technology officer of medical software provider Promenade Software Inc. in Irvine.
Beard said, “Joining MedCrypt will help both companies’ customers to expedite, manage and demonstrate cybersecurity compliance, increasing security and decreasing the time it takes for lifesaving devices to (get to) market.”
Tools of the Trade
Medical devices are uniquely prone to cyberattacks due to their long life cycles and critical nature, Beard said.
MedISAO offers its clients weekly vulnerability advisories, a coordinated vulnerability disclosure program and a vulnerability database with custom filters.
“I initially created MedISAO to help fill the information-sharing gap among smaller medical device manufacturers that were just getting started with cybersecurity,” Beard said.
The coordinated vulnerability disclosure program facilitates communication between researchers who discover device vulnerabilities and device manufacturers that are held accountable for the security of such devices.
Once a researcher reports a problem, manufacturer representatives can verify the claim and report a solution for publication, which functions as an advisory to the healthcare community.
Irvine-based Modulim Inc., maker of an ulcer-detecting imaging platform, is a member of MedISAO’s vulnerability disclosure program.
Digital Ledger
“As demand for our platform grew, we realized our customers were in need of a software bill of materials tool as well,” Beard added.
That led to the creation of Cyber Protek, a software bill of materials generation tool.
A software bill of materials is a ledger of sorts that accounts for all of the open source and commercial off-the-shelf software used in a device. It is similar to a hardware bill of materials for the digital world, according to Beard.
These capabilities will ultimately help advance MedCrypt’s goal of helping medical device makers navigate cybersecurity considerations with intuitive and easy-to-use tools, officials said.
