October 27, 2021 + Jessica Di Palo
4 Min read
Cyberattacks and ransomware are real threats to all kinds of businesses. Recent years have shown that they do not spare the healthcare sector. The WannaCry ransomware attack in 2017 paralyzed United Kingdom’s National Health Service (NHS) for four days straight. This event served as a wake-up call to the industry. Healthcare organizations realized that they had to take appropriate actions to ensure their IT security and integrity stays intact, even when attacked.
Here comes our portfolio company Cynerio into play. The company specializes in providing security solutions for all the connected devices at healthcare delivery organizations such as hospitals, clinics, etc. Or for short: IoT (Internet of Things) Cybersecurity for Healthcare.
The software is built to detect and fight threats that target medical devices, which are increasingly connected to the internet and therefore at risk. Every healthcare system doesn’t matter if it is big or small, is potentially vulnerable to attacks. Did you know that attacks can specifically target medical devices? This very vulnerability puts not just hospitals but also patients at risk. These IoT devices can’t be disconnected because they are an active element of the patient’s treatment and are part of the IT infrastructure of an institution. Even though these devices are at high risk, standard IT solutions are not able to properly secure them or in many cases even see them. This makes IoT healthcare devices a big target for intruders, and they are increasingly using these devices to gain unauthorized access to hospital networks.
Resources must be efficiently allocated where they are most needed. This might be easier for a bigger healthcare provider than for a smaller one, but it is expected that smaller institutions will provide the same level of care as any other bigger player. Small clinics or rural hospitals often operate at high risk due to limited technical, human, and financial resources to prevent cyber-attacks from happening. Cynerio’s developers have worked on a tailor-made solution for these institutions. With “Cynerio Now!” our portfolio company delivers a product that empowers small healthcare providers to reduce the spread of malware, ransomware, and other threats to the security of an organization’s connected medical devices at an affordable price. We sat down with Co-Founder and CEO Leon Lerman to talk about the company’s newest offering.
Jessica Di Palo, MTIP (JD): “Hi Leon, thanks for taking your time to answer some questions on Cynerio Now! First of all, how did you come up with the idea to develop this product?”
Leon Lerman, Cynerio (LL): “Thank you for taking the time to interview me! There were a few factors that motivated us to create a special offering tailored to smaller and more rural hospitals. First, in our conversations with these hospitals, we realized that they were often working with extremely lean teams to manage not just their cybersecurity but their IT as a whole.
This only became more complicated after COVID, which stretched these hospitals thin in terms of patient care and budgets, and also with the sudden need to ensure everyone who could work from home did so safely. These hospitals had their hands full, and on top of that, attackers actually increased their activity against such hospitals during times when they were dealing with multiple crises. It dawned on us that a smaller hospital might need an IoT cybersecurity solution built in such a way that extends their team economically, efficiently, and effectively, cleaning up the critical risks in their IoT and medical device environment in under a month and providing an on-call Technical Account Manager if needed.”
JD: “Are there differences in the specifics of cyber-attacks between bigger and smaller healthcare institutions?”
LL: “To be honest, the attacks themselves are basically the same. We are seeing a massive uptick in ransomware attacks on hospitals across the board – they have more than doubled on hospitals since the beginning of the pandemic. Bigger hospitals will often have bigger everything – larger cybersecurity budgets, more solutions to defend themselves against cyberattacks, and a bigger team among which to divide responsibilities. Attackers know this, and since they want to make the most profit they can with the least amount of effort, they will target smaller hospitals, because they know that they have less firepower available to protect themselves. So in terms of a ransomware attack that prevents connected medical devices and other IoT from working, which is one of the most common attacks at the moment, it will play out the same on both, a large or small hospital, but the smaller hospital will have fewer resources to fight it, and that is where we come in to assist them.”
JD: “How did you come up with the name ‘Cynerio Now!’?”
LL: “Cybersecurity has a bad reputation for taking a very long time to deploy, requiring a lot of work on the customer’s part to prepare their systems for proper installation, and ultimately providing a lot of inscrutable, black box results where ROI is questionable. Small hospitals don’t have any time or luxury for that kind of bureaucratic process. They are getting attacked right now and need help right now. So we wanted to make it clear that this streamlined version of our solution can be up and running quickly in a small hospital’s IoT infrastructure and can start providing actionable attack remediation and value immediately. Without the usual hurdles that a smaller hospital might have to climb just to get a new cybersecurity solution off the ground.”
«Ultimately it comes down to money. Cybercrime is a business – it wants to maximize profits, and it is increasingly choosing its targets carefully for the biggest returns.»
JD: “Why does the number of attacks on healthcare organizations increase?”
LL: “Healthcare is an attractive target for a few reasons. Healthcare data fetches the highest prices on the black market because it contains a lot of what you would need to perpetrate identity fraud, much more so than a stolen credit card or customer record would. Hospitals also lag other industries in terms of cybersecurity preparedness – in smaller hospitals, there is just not enough money to get security where it needs to be, and since patient safety is at stake here is less wiggle room for hospitals to haggle or drag their feet when a ransomware attack occurs. There is also the explosion of connected devices – only a few years ago, MRI machines, HVAC systems, and security cameras, to cite just three examples, had no internet connections. Now they increasingly do, and they are vulnerable to threats, and hospitals don’t have visibility. A recent study from the Ponemon Institute found that hospital breaches were just as likely to hit an IoT device as receiving a phishing e-mail. Attackers know they can hop from IoT device to IoT device without a lot of smaller hospitals being able to see them until it is too late, and that is music to their ears. All of these reasons make attackers think that an attack on a hospital will be easier than other targets, and sadly they are often correct.”
JD: “Did the pandemic have an impact on these circumstances? How?”
LL: “As I mentioned before, the pandemic has made the cybersecurity landscape more threatening for hospitals, and especially smaller hospitals. By every metric, attacks have gone up. And it’s not only attack volume; the knock-on effects of ransomware and other cyberattacks have led to negative impacts on patient care. About a quarter of hospitals attacked by ransomware saw increases in mortality rates, and a majority of those victimized hospitals had lengthened patient stays and procedure delays in an attack’s aftermath. We have all heard stories about burnout in the healthcare industry, and the cybersecurity and IT staff at hospitals are no different – it can be stressful managing a hospital’s rapidly expanding attack surface on a tight budget. That’s ultimately why we launched Cynerio Now! The cybersecurity workers at these smaller hospitals need a helping hand, and with our expertise in medical device and IoT security we are in a great position to help them quickly.”
JD: “Thank you, Leon! We are certain that your new product will have amazing success!”
Cynerio Now! – A new IoT cybersecurity solution for small hospitals and clinics
Cynerio's new product Cynerio Now!
MTIP invests in Mediktor
New investment in Mediktor
SFDR Art. 8 or Art. 9? What’s the difference?
SFDR: getting the terminology right
MTIP participates in Oviva’s new $80m Series C funding
Oviva raises $80 million financing round
MTIP invests in Intelligencia to reduce the risk of clinical research through artificial intelligence
MTIP's new investment in Intelligencia
Private Equity 101: Part one – Glossary
Are you new to the healthtech space?
Leading brands revolutionize care journeys with Lumeon
How Lumeon orchestrates care journey
Trialbee – our hero in patient matching and recruiting for clinical trials
Trialbee - patient matching and recruiting
Digital healthcare: patient-first?
Digital Healthcare Report 2021 in collaboration with Dealroom and INKEF Capital
SFDR – How does MTIP approach the EU’s Sustainable Disclosure Regulation?
New SFDR obligations
MTIP Announces Strong First Closing of Fund II to drive Healthtech Innovation
First Closing of Fund II
How to pitch to a healthtech Investor
MTIP invests in Koa Health to make mental health treatment more accessible
New investment in Koa Health
MTIP scored fantastic grades in the UNPRI assessment report of 2020
UNPRI Report grades 2020
4 Health VCs Share Their Business Priorities and What is Next
MTIP invests in Trialbee
New investment in Trialbee
TytoCare closes $50 million round as the demand for telehealth accelerates
TytoCare closes new round
The digital healthtech sector is expanding – and so are we!
Two new empolyees start in April
MTIP has sucessfully exited Blueprint Genetics
Blueprint exit January 2020
New MTIP investment in Oviva
New investment in Oviva
Whitepaper: A positive prognosis for the future of healthtech
Our first Whitepaper
Elite Summit 2019 – Interview with our Managing Partner Christoph Kausch
Elite Summit 2019
MTIP Healthcare Clinic 2019
Healthcare clinic 2019
New MTIP investment in Cynerio
New investment in Cynerio
MTIP invests in Lumeon Ltd.
New investment in Lumeon