by Lauren Dubinsky
, Senior Reporter | September 25, 2017
RefleXion Medical announced today that it chose MedCrypt to secure its biology-guided radiotherapy system.
“What we’re doing with RefleXion is encrypting the data so people can’t steal it, but also [making it] so the device is only acting on instructions that it knows came from another part of the RefleXion system,” Mike Kijewski, CEO and co-founder of MedCrypt, told HCB News.
The FDA’s recently updated guidelines on new device manufacturing require vendors of IoT devices to focus on cybersecurity. Manufacturers have staff members with expertise in medical imaging and radiation therapy, but they likely don’t have a cybersecurity expert, according to Kijewski.
Midmark Workstations are made to order with customization that can assist with the integration of telehealth and other technology at the point of care, wherever that may be. See more>>>
“There is an advantage to having some neutral third party providing security technology for multiple medical device vendors, because we get an overview of what other medical device vendors are doing from a security perspective, including problems they have run into,” he added.
RefleXion’s BgRT system, which is still under development, leverages PET imaging to allow tumors to continuously signal their location and activity levels during the radiotherapy procedure. Multiple tumors can be treated simultaneously and dose can be adapted in real time to specific biological characteristics of the tumors.
MedCrypt’s software ensures that the treatment that’s being delivered matches the treatment parameters that the clinicians entered into the system.
When asked why a radiotherapy system would be hacked, Kijewski said there are a variety of reasons, not all of which are financial or logical. Some companies make poor design decisions from a security perspective and an intellectually curious hacker may want to point that out.
However, most of the cases of medical device cybersecurity vulnerabilities over the last 18 months started when independent researchers poked around and found something bad. Some security firms even buy medical devices to hack them so that if they find vulnerabilities they can try to get the company to pay them to fix the problem.
MedCrypt also partnered with the connected therapeutics company, QuiO, in February to secure its set of cloud-connected injection devices. Kijewski reported that he’s confident that by this time next year, MedCrypt will have similar customer announcements for companies that are even bigger than RefleXion.