SafetyDetectives had the privilege of speaking with Mike Kijewski, the CEO and co-founder of MedCrypt. As an industry pioneer, MedCrypt focuses on providing robust cybersecurity solutions for medical devices. During our discussion, Kijewski delved into several important topics including the intricate regulatory environments in healthcare, the security challenges confronting medical device developers, and the transformative role of artificial intelligence (AI) and machine learning (ML) in the medical device industry. This insightful conversation offered us a deep-dive into the intersection of healthcare, technology, and cybersecurity, through the eyes of an industry expert.
I’m with Mike Kijewski, CEO of MedCrypt. Thank you for your time today. Can you talk a little about your journey and what led you to co-founding MedCrypt?
I’ve always been passionate about the intersection of internet technology and healthcare. Before starting MedCrypt, I had the opportunity to found Gamma Basics, a software startup focused on radiation oncology. Our hard work paid off when Gamma Basics was acquired by Varian Medical Systems in 2013.
When I began my Master’s of Medical Physics at the University of Pennsylvania, it was coincidental to learn about the healthcare management concentration in their MBA program, which I graduated from a couple of years later. The intersection of science and an entrepreneurial spirit led me to view the healthcare space with a unique lens.
Throughout my career, I’ve balanced customer needs with manufacturer constraints, in particular for large medical devices, such as linear accelerators and x-ray imaging equipment. But my real passion lies in medical device security infrastructures. I’ve had the privilege of reviewing or consulting on over 40 such systems, giving me a deep understanding of the unique requirements for medical device systems, the challenges of minor device limitations, and the ever-evolving regulatory landscape.
Before co-founding MedCrypt, I had a role as a product manager at Varian Medical Systems. In that position, I managed cloud-based radiation oncology quality assurance systems, which exposed me to the critical aspects of healthcare data security.
All these experiences collectively drove me to co-found MedCrypt. I realized the pressing need for robust cybersecurity solutions in the medical field, especially concerning medical devices and patient data. My journey, from founding Gamma Basics to my time at Varian Medical Systems, shaped my vision for MedCrypt – the proactive cybersecurity solution provider for medical device manufacturers.
Can you provide an overview of the platform’s mission and the specific focus of its cybersecurity solutions for medical devices?
Our platform is dedicated to providing specialized medical device cybersecurity solutions that aim to unlock the full potential of digital healthcare technology. We work closely with medical device manufacturers, offering our partnership to build, maintain, and secure devices throughout their entire lifespan. A key focus at MedCrypt is implementing secure-by-design approaches to counter the rising cybersecurity threats within the healthcare sector.
How does MedCrypt navigate the complex regulatory environment in the healthcare industry while providing cutting-edge cybersecurity solutions for medical devices?
Our approach combines cutting-edge cybersecurity technology products with valuable management consulting and regulatory strategy. By doing so, we address safety concerns that arise from medical device cybersecurity, providing practical solutions to combat cyber threats. Our goal is to offer scalable and dependable safeguards for medical device manufacturers, ensuring their devices remain secure and protected.
In line with FDA requirements, our suite of security solutions at MedCrypt actively supports the approval process for innovative digital health technologies through proactive cybersecurity measures. Our team of healthcare-focused experts plays a critical role in ensuring that each medical device receives the highest level of cybersecurity without requiring in-house expertise from manufacturers. We firmly believe that all healthcare technology should have the utmost security, and by utilizing our trusted solution, medical device manufacturers can confidently safeguard the integrity of their devices throughout their entire lifecycle.
What are some of the most critical cybersecurity challenges that medical device developers currently face?
- FDA Guidance and Review Changes
- Medical device developers must navigate the evolving FDA guidance and review process, as well as consider international and customer requirements. Additionally, there is a need for translating guidance into engineering practices, so developers can train their teams on how to design proactively so that devices remain secure through the various phases of operation.
- Incorporating Security Properly
- Many groups that have previously designed devices without proactive security now have to shift their culture and incorporate security measures sufficiently and sustainably. Resisting investment in cybersecurity or attempting to solve without security specialists may no longer be viable as submissions with inadequate security are likely to fail.
- Harmonizing with Business Drivers
- As connectivity has become ubiquitous, every MDM CEO has stated they want to build a business around data. To do that, you must prioritize security protocols to ensure data integrity; otherwise, the offerings will never get off the ground.
Overall, the medical device industry is experiencing significant changes in the cybersecurity landscape, and developers will need to address these challenges proactively to ensure the security and integrity of their products and comply with evolving regulations.
With the increasing adoption of artificial intelligence and machine learning in medical devices, how does the platform integrate these technologies into its cybersecurity offerings?
Our platform is not buzzword forward – MedCrypt is solving the very real challenge of implementing security without compromising the continuous delivery of care.
What measures does MedCrypt take to ensure ongoing monitoring and detection of potential security threats on connected medical devices?
Our product offerings are designed to make it easier for device manufacturers to secure and maintain the security throughout a device’s lifetime. We offer a range of specialized products to address unique use cases for medical devices. Helm excels in pre-market and post-market SBOM and vulnerability management, while Guardian allows easy integration of comprehensive cryptography-enabled trust and data security into devices. Ghost provides a stand-off approach to data security, securing data in transit without changing existing software. Canary enables companies to detect security events by monitoring devices’ behavior in the field, alerting vendors to abnormal activities.
Our services team works closely with device manufacturers, helping them understand appropriate cybersecurity for their specific devices and ecosystems. We provide the necessary assistance to integrate our products and ensure compliance with FDA requirements.