MedCrypt announces a grant to work with the university on a joint project that will quantify regulatory and cybersecurity risks in the medical field, impacting the advancement of medical device cybersecurity and improving patient safety
SAN DIEGO, July 11, 2023 /PRNewswire/ — MedCrypt, Inc., the proactive cybersecurity solution provider for medical device manufacturers, has partnered with Kansas State University (K-State) by providing a grant to drive advancements in quantifying regulatory and cybersecurity risk in the medical field. This summer, the partnership will aim to enhance medical device cybersecurity research by focusing on validating the tools used to assess client risk, incorporating a holistic approach, and seamlessly integrating technical elements and public and regulatory policy considerations.
The collaboration, led by Dr. Eugene Vasserman (K-State) and Dr. Seth Carmody (MedCrypt’s VP of Regulatory Strategy), aims to address the varied challenges of assessing and quantifying cybersecurity risks associated with interconnected medical devices and their impact on clinical care delivery, patient safety, and business continuity. The MedCrypt and K-State collaboration brings together premier research institutions to tackle challenging problems faced by MDMs. Additionally, it provides the possibility for working together between MedCrypt, K-State, and Tufts University. With the U.S. Food and Drug Administration’s (FDA’s) decision to refuse future device submissions which don’t meet minimal cybersecurity requirements by October 1, there is a call to action for Medical Device Manufacturers (MDMs) to prioritize cybersecurity.
The research will combine a comprehensive qualitative and quantitative approach that considers risks from both business and technical perspectives. Unlike prior “one size fits all” work, which includes analyzing the manufacturer-specific approach to cybersecurity during product line engineering and product design, product requirement and risk evaluation including compensating controls, verification and validation procedures, and post-market monitoring and support. By integrating broader cybersecurity practices such as threat modeling, vulnerability monitoring, and incident response, MedCrypt and K-State can work towards enhancing the security posture of medical devices and manufacturers. The urgency to comply with the FDA’s requirements by October 1 provides a compelling incentive for MDMs to engage with MedCrypt. Through the partnership, MedCrypt and K-State can leverage academic best practices in medical device cybersecurity while applying real-life constraints that MDMs experience every day. By doing so, they will contribute to the overall safety and integrity of interconnected medical devices, ultimately improving patient care, reducing the risk of cyber threats in healthcare environments, and placing MDM-level cybersecurity risk estimation on a firmer footing.
“Partnering with Kansas State University allows us to focus on a critical research initiative,” said Seth Carmody. “This partnership validates the value of our risk assessment tools and strengthens our capacity to tackle evolving challenges in medical device cybersecurity. By leveraging academic expertise, industry insights, and an understanding of new rules and regulations, we are confident that our joint efforts will lead to significant advancements.”
Dr. Vasserman brings extensive experience in the security of distributed systems, cyber-physical systems, and the socio-technical aspects of security. As the director of the Kansas State University Center for Cybersecurity and Trustworthy Systems (K-CaTS), he has played a pivotal role in advancing cybersecurity education and has been involved in multiple medical device cybersecurity projects, from the MDM side as well as through collaboration with the FDA. Dr. Vasserman has also received several notable recognitions, including the Commissioner’s Special Citation in 2018 as a member of the St. Jude Medical Cybersecurity Response Team, the Outstanding Service Award in 2020 as a member of the Cardiac Monitor Cybersecurity Review Team, and the Group Recognition Award in the same year as a member of the URGENT/11 Response Team.
“I am honored to lead this research and work closely with MedCrypt to address challenges in medical device cybersecurity,” said Dr. Eugene Vasserman. “Our research will not only provide a holistic understanding of cybersecurity risk in the medical field but also contribute to developing standards and policies that will help strengthen the safety and integrity of medical devices. Together, we aim to make lasting improvements to the industry and protect patients from ever-evolving cyber threats.”
The research team will develop a platform that is both customizable and expandable, integrating qualitative and quantitative metrics. This platform will provide actionable and prioritized recommendations for addressing current and future technological, regulatory, and business risks. In terms of advancing science, the project will result in research papers and software artifacts that disseminate new knowledge and provide a foundation for others to build upon. Customers of MedCrypt can anticipate a swift integration of research findings into their products and services. This integration will bring immediate benefits, such as significantly enhanced proactive risk management, specifically tailored to the processes and needs of MDMs, which will include ongoing monitoring, testing, and updating of security controls. These practices not only help meet regulatory requirements but also effectively reduce cybersecurity risks while simultaneously lowering costs by prioritizing the mitigation strategies most likely to be effective and avoiding those that may yield little long-term benefit. Ultimately, customers can have increased confidence in the security of medical devices, which leads to increased trust between healthcare providers, patients, and the technology they rely on.
About MedCrypt
MedCrypt is helping healthcare technology companies ensure medical devices are secure by design. We provide cybersecurity products and strategic management consulting to expedite the go-to-market process of medical device manufacturers’ new life-saving connected technologies.
Founded in 2016 by a team of healthcare cybersecurity experts, MedCrypt is uniquely positioned to be the security catalyst for medical device manufacturers to design secure, FDA-approved technologies. We continue to work with those paving the way toward safe and reliable medtech. To date, MedCrypt has raised more than $36 million in funding with participation from Johnson & Johnson Innovations, Intuitive Ventures, and Dexcom Ventures. For more, please visit www.medcrypt.com.
Press Contact: Jenny Bourne, 2087618447, https://www.medcrypt.co/
SOURCE MedCrypt