Cyberattacks and ransomware are real threats to all kinds of businesses. Recent years have shown that they do not spare the healthcare sector. The WannaCry ransomware attack in 2017 paralyzed United Kingdom’s National Health Service (NHS) for four days straight. This event served as a wake-up call to the industry. Healthcare organizations realized that they had to take appropriate actions to ensure their IT security and integrity stays intact, even when attacked.
Here comes our portfolio company Cynerio into play. The company specializes in providing security solutions for all the connected devices at healthcare delivery organizations such as hospitals, clinics, etc. Or for short: IoT (Internet of Things) Cybersecurity for Healthcare.
The software is built to detect and fight threats that target medical devices, which are increasingly connected to the internet and therefore at risk. Every healthcare system doesn’t matter if it is big or small, is potentially vulnerable to attacks. Did you know that attacks can specifically target medical devices? This very vulnerability puts not just hospitals but also patients at risk. These IoT devices can’t be disconnected because they are an active element of the patient’s treatment and are part of the IT infrastructure of an institution. Even though these devices are at high risk, standard IT solutions are not able to properly secure them or in many cases even see them. This makes IoT healthcare devices a big target for intruders, and they are increasingly using these devices to gain unauthorized access to hospital networks.
Resources must be efficiently allocated where they are most needed. This might be easier for a bigger healthcare provider than for a smaller one, but it is expected that smaller institutions will provide the same level of care as any other bigger player. Small clinics or rural hospitals often operate at high risk due to limited technical, human, and financial resources to prevent cyber-attacks from happening. Cynerio’s developers have worked on a tailor-made solution for these institutions. With “Cynerio Now!” our portfolio company delivers a product that empowers small healthcare providers to reduce the spread of malware, ransomware, and other threats to the security of an organization’s connected medical devices at an affordable price. We sat down with Co-Founder and CEO Leon Lerman to talk about the company’s newest offering.
Interview on Cynerio Now! With Co-Founder and CEO Leon Lerman
Jessica Di Palo, MTIP (JD): “Hi Leon, thanks for taking your time to answer some questions on Cynerio Now! First of all, how did you come up with the idea to develop this product?”
Leon Lerman, Cynerio (LL): “Thank you for taking the time to interview me! There were a few factors that motivated us to create a special offering tailored to smaller and more rural hospitals. First, in our conversations with these hospitals, we realized that they were often working with extremely lean teams to manage not just their cybersecurity but their IT as a whole.
This only became more complicated after COVID, which stretched these hospitals thin in terms of patient care and budgets, and also with the sudden need to ensure everyone who could work from home did so safely. These hospitals had their hands full, and on top of that, attackers actually increased their activity against such hospitals during times when they were dealing with multiple crises. It dawned on us that a smaller hospital might need an IoT cybersecurity solution built in such a way that extends their team economically, efficiently, and effectively, cleaning up the critical risks in their IoT and medical device environment in under a month and providing an on-call Technical Account Manager if needed.”
JD: “Are there differences in the specifics of cyber-attacks between bigger and smaller healthcare institutions?”
LL: “To be honest, the attacks themselves are basically the same. We are seeing a massive uptick in ransomware attacks on hospitals across the board – they have more than doubled on hospitals since the beginning of the pandemic. Bigger hospitals will often have bigger everything – larger cybersecurity budgets, more solutions to defend themselves against cyberattacks, and a bigger team among which to divide responsibilities. Attackers know this, and since they want to make the most profit they can with the least amount of effort, they will target smaller hospitals, because they know that they have less firepower available to protect themselves. So in terms of a ransomware attack that prevents connected medical devices and other IoT from working, which is one of the most common attacks at the moment, it will play out the same on both, a large or small hospital, but the smaller hospital will have fewer resources to fight it, and that is where we come in to assist them.”
JD: “How did you come up with the name ‘Cynerio Now!’?”
LL: “Cybersecurity has a bad reputation for taking a very long time to deploy, requiring a lot of work on the customer’s part to prepare their systems for proper installation, and ultimately providing a lot of inscrutable, black box results where ROI is questionable. Small hospitals don’t have any time or luxury for that kind of bureaucratic process. They are getting attacked right now and need help right now. So we wanted to make it clear that this streamlined version of our solution can be up and running quickly in a small hospital’s IoT infrastructure and can start providing actionable attack remediation and value immediately. Without the usual hurdles that a smaller hospital might have to climb just to get a new cybersecurity solution off the ground.”
JD: “Why does the number of attacks on healthcare organizations increase?”
LL: “Healthcare is an attractive target for a few reasons. Healthcare data fetches the highest prices on the black market because it contains a lot of what you would need to perpetrate identity fraud, much more so than a stolen credit card or customer record would. Hospitals also lag other industries in terms of cybersecurity preparedness – in smaller hospitals, there is just not enough money to get security where it needs to be, and since patient safety is at stake here is less wiggle room for hospitals to haggle or drag their feet when a ransomware attack occurs. There is also the explosion of connected devices – only a few years ago, MRI machines, HVAC systems, and security cameras, to cite just three examples, had no internet connections. Now they increasingly do, and they are vulnerable to threats, and hospitals don’t have visibility. A recent study from the Ponemon Institute found that hospital breaches were just as likely to hit an IoT device as receiving a phishing e-mail. Attackers know they can hop from IoT device to IoT device without a lot of smaller hospitals being able to see them until it is too late, and that is music to their ears. All of these reasons make attackers think that an attack on a hospital will be easier than other targets, and sadly they are often correct.”
JD: “Did the pandemic have an impact on these circumstances? How?”
LL: “As I mentioned before, the pandemic has made the cybersecurity landscape more threatening for hospitals, and especially smaller hospitals. By every metric, attacks have gone up. And it’s not only attack volume; the knock-on effects of ransomware and other cyberattacks have led to negative impacts on patient care. About a quarter of hospitals attacked by ransomware saw increases in mortality rates, and a majority of those victimized hospitals had lengthened patient stays and procedure delays in an attack’s aftermath. We have all heard stories about burnout in the healthcare industry, and the cybersecurity and IT staff at hospitals are no different – it can be stressful managing a hospital’s rapidly expanding attack surface on a tight budget. That’s ultimately why we launched Cynerio Now! The cybersecurity workers at these smaller hospitals need a helping hand, and with our expertise in medical device and IoT security we are in a great position to help them quickly.”
JD: “Thank you, Leon! We are certain that your new product will have amazing success!”