The healthcare industry is driven by patient care and medical devices and data that enable them. Modern healthcare delivery organizations (HDOs) are adopting a new generation of connected Internet of Things (IoT) devices and Internet of Medical Things (IoMT) to monitor patients in real-time to increase comfort and avoid life-threatening conditions. Other uses include providing improved patient care outcomes, dispensing medication, measuring and assessing treatment eﬀectiveness, clinical workflow efficiencies, and many other data-driven healthcare decisions.
There can be as many as 15-20 IoT and IoMT devices per bed in most hospitals. Equipment like insulin pumps, x-ray, CT and MRI machines, defibrillators, ventilators, anesthesia machines, pacemakers, blood gas, diagnostic equipment, “smart beds,” and many other types of clinical equipment operate using unique protocols and communications that are a common blind spot for IT security teams because their usual tools cannot give them the needed visibility or capability.
Unfortunately, while these connected, but often unmanaged devices deliver patient care and business benefits, they also increase cyber risk exposure and the attack surface available for threat actors.
IT teams and clinical engineering departments alike struggle to gain the needed visibility and control over these mostly unmanaged devices and the risks they pose.
Enter Cylera, a leader in IoT and medical device/IoMT security. The Cylera Platform, which is Cylera’s ﬂagship product, provides the most leading-edge technology available in healthcare IoT. Cylera delivers visibility, risk detection, and threat prevention for all connected IoT and IoMT assets to safeguard patient care, safety, privacy, and assure business continuity.
Winds of Change
Cylera was co-founded by Timur Ozekcin, Sean Abraham, and Paul Bakoyiannis in 2017 in New York City with a mission to create the leading solution for healthcare organizations for securing their IoT, IoMT, and even operational technology (OT) such as building security, lighting, climate controls, elevators, access points, etc.
Cylera newly patented and patent-pending Artificial Intelligence (AI) and Machine Learning (ML) techniques provide asset identification and management, network analysis, risk assessment, threat detection and intelligence, network segmentation, operational analytics, and third party integrations such as with Cisco, IBM, Forescout, ServiceNow, Palo Alto, Fortinet, Nuvolo, and others.
“One of the first places most want to start is the need for a current asset inventory of their IoT and IoMT,” says Ozekcin. “This helps both IT and clinical organizations immensely. For many, it’s the first accurate and in-depth insight into what they actually have connected in their network. They’re usually amazed at what we help them learn.”
“Our patents also allow us to deliver zero-touch vulnerability assessments on those assets through an innovative IoT Emulation Engine™, which creates digital twins of the devices,” said Cylera’s CTO Paul Bakoyiannis. “Cylera can ﬁnd, prioritize, and respond to security gaps that may relate to medical devices even connected to patients, but never interacts with the physical devices themselves.”
Cylera also provides device maintenance and usage information which ultimately saves costs and improves patient care through better ﬂeet management and optimization.
The product aligns with essential security frameworks and standards such as HIPAA, NIST Cyber Security Framework (CSF), ISO, CIS, PCI-DSS and others which speed compliance and keep organizations within regulatory requirements.
Setting Benchmarks of Innovation
Cylera has many diﬀerentiators from others in the healthcare IoT cybersecurity space. The following are a few:
- Patented Adaptive Datatype Analysis™ Speeds identification of new and previously unseen devices where others have to constantly update to support new protocols.
- Patent-pending IoT Device Emulation™ Requires zero-touch to examine devices for weaknesses and vulnerabilities – keeping patients safe from disruption.
Cylera’s unique, patented capabilities work together to give customers details and what to do to shore up weaknesses – many of which can be risk-prioritized lower than initially expected.
- Cylera Intelligence Database – Cylera Labs has an intelligence database of proprietary and unique research information from both public and non-public global sources to which customers can subscribe.
- Device location saves both clinical and IT personnel hours of time locating available or in-use devices by guiding to where devices are physically located.
- Fleet Optimization uses Cylera metrics from devices in use to trend functions, patient counts, types and numbers of images, locations, etc. This data has helped customers to improve efficiency in patient scheduling increase equipment profitability.
Extends one platform for use by both IT teams and clinical engineering – The technology can be used, viewed, and managed for IoT, IoMT and enterprise OT, all within the Cylera platform.
Cylera’s new technologies are garnering attention with several awards, but the most notable accolades have come quietly and out of the public eye due to the threat detection and threat hunting services underway in Cylera Labs.
“Our customers are the best barometer of our success, with quotes and praise for the innovative solutions we provide our customers, and a deep understanding of healthcare IoT and other IoT markets,” says the leadership team at Cylera.
In addition, Cylera’s customers express that they appreciate the technology, the company’s responsiveness, and strong support for any healthcare IoT challenges they are trying to address.
New Cybersecurity Dynamics with COVID-19 Impact
With the technical and communication challenges around COVID-19, nation-state and attack groups accelerated efforts to target the World Health Organization (WHO), the U.S. Center for Disease Control (CDC), and regional healthcare and pharmaceutical networks globally. These aggressive attack organizations have only increased their efforts in search of intellectual property, research data, protected health information, and monetary gain through ransomware.
We asked Ozekcin for his opinion on the eﬀects of the current pandemic on the healthcare sector and what challenges did he and the co-founders faced during the initial phase of the pandemic. “Long prior to the COVID-19 pandemic, healthcare organizations have been targeted by adversaries, often by nation states. Cylera’s product can ease this cybersecurity risk while continuing to support IT and clinical engineering organizations do what they each do best,” said Ozekcin.
“Like all businesses Cylera there was an impact of COVID- 19 on our business and our employees – however the need for our solution expanded due to increasing cybersecurity risk and the need to have Cylera’s unique automated capabilities. Quick deployment, reduced costs, increased security without touching assets or patients, alignment with regulatory requirements and support for business continuity have been high value capabilities. It has been unique time for Cylera and our customers,” Ozekcin adds.
The Future Looks Bright
“Cylera is excited to build on its record growth during the last year with both clients and expanded team with a world-class executive team. Cylera’s partner program has seen many new additions with new channels partners and growing technology alliances. “Following Cylera’s new round of funding which we announced in March 2021, Ozekcin said, “we are continuing to expand internationally in Europe and in Asia.”