At the Cutting Edge of Cyber Security
15th January 2018
Until recently the idea of hackers taking control of a pacemaker may have belonged in the plot of a TV show like Homeland, but new regulations in the industry have indicated that the threat from cybercriminals to medical devices is very real.
Words: Ruth Doris
Dr Anita Finnegan’s startup Nova Leah is at the forefront of the developing industry of medical device cybersecurity. The company, which spun out from Dundalk Institute of Technology (DkIT) last summer, has already secured a contract with global dialysis product provider, Fresenius Medical Care for a licence of its first product, Select Evidence. Fresenius Medical Care has more than 300,000 patients and services over 3,600 clinics worldwide.
Select Evidence is the world’s first expert cybersecurity risk management software solution system for connected medical devices. The global medical devices market is growing exponentially, and it is estimated it will be worth c440 billion by 2018.
Dr Finnegan worked in engineering and quality management for a number of years before embarking on a PhD programme at DkIT. The initial topic of her research was software validation, however, a conversation about medical device cybersecurity prompted Anita to change her focus. Her research caught the attention of the industry and a few months into her study, industry publications started to take notice.
An invitation to pitch her research at the headquarters of the US Food and Drug Administration (FDA) in Washington led Dr Finnegan to publish two technical reports on the area. Commercialisation funding from Enterprise Ireland enabled her to convert the manual framework from her PhD research into a commercial software solution. Dr Finnegan says: “Once I knew that what I was doing was gaining traction, that it was a solution for the industry, it was the obvious next step to explore that.”
Following two years of development the first product was ready and Select Evidence was licenced in 2016. In recent months, the WannaCry ransomware attack, which exploited a Windows system vulnerability, caused chaos across the globe affecting organisations including the UK’s National Healthcare System and highlighted the increasing need for more robust systems in the areas of healthcare.
So what devices are at risk? Anything that has a communication capability can be hacked, Dr Finnegan says. “We know medical devices are quite vulnerable; they’re sitting on a network they can be used as an open door for someone to get in and launch a malware attack on the entire network.”
However, despite depictions of hackers in film and television, devices such as pacemakers have been hacked in controlled environments, but no patient has been harmed because of hacking, she adds. While a hacker gaining control of a pacemaker is unlikely Dr Finnegan says the real threat is around the privacy of patient data and comes from malicious users looking for monetary value from patient records.
Your patient or health record is worth three to five times more to a hacker than your credit card details because it includes your health insurance and financial information, she says.
(Pictured: Dr. Anita Finnegan, Founder & CEO of Nova Leah. This interview was published in our recent annual WMB Print magazine).