Are Medical Devices Safe in Cyber Space?

Volume 1, Safeguard Scientifics

Are Medical Devices Safe in Cyber Space?

The answer is no, not yet.

Safeguard Scientifics invests in MedCrypt and the future of health care security.

By Stacey Singer DeLoye


In the second season of Showtime’s white-knuckle-suspense series “Homeland,” a terrorist network murders the vice president of the United States by hacking his defibrillator-pacemaker and causing it to deliver a lethal surge of electricity — vengeance for a drone attack that had killed the cell leader’s beloved child.


Medical physicist Mike Kijewski watched the episode at home, slack-jawed in disbelief.

“I turned to my wife and said, ‘B.S.! There is no way they could do that! They couldn’t do that!’”


Upon researching the matter, however, the entrepreneur learned they absolutely could. Academic hackers had already succeeded. Medical device security is years behind other industries, Kijewski learned. Hackers and their malware are capable of disabling or infiltrating and commandeering many types of implantable, in-hospital, wearable medical devices — anything that sends and receives data, he said.


At risk are not just pacemakers but insulin pumps, infusion pumps, X-ray machines, CT scanners and the devices that inject contrast agents into patients — any medical device that could be accessed wirelessly or connected to a computer network. Insecure medical devices offer hackers a portal into an entire health system’s computer network, putting far more than one device at risk, he said.


Watching that episode, which first aired on Dec. 2, 2012, was disturbing and exciting, he said. Disturbing because of the potential for harm, exciting because Kijewski realized he could make a difference. Kijewski understood medical devices and software, and he had recently sold his first startup corporation, a radiology oncology software firm called Gamma Basics. An industrywide problem begging for an outsourced software solution sounded like the ideal niche for his next company. In 2014, he reached out to his instructor from business school days at the Wharton School of the University of Pennsylvania, Dr. Gary Kurtzman, with the kernel of his idea.


Three years later, their early-stage startup, MedCrypt, has created a software-as-a-service, business-to-business solution for medical device-makers intended to protect their customers from bad actors of all sorts. MedCrypt is moving quickly, going from prototype to proof of concept in a matter of months. Its technology is designed to allow only trusted sources to instruct the medical devices, by layering in multifactor authentication, encryption of data

and cryptography. It serves hospital-based equipment and patients’ wearable and implanted devices. Its machine-learning feature can flag unusual user behaviors and act to protect a hospital’s linked information technology network.


Protection from bad actors


“Our next batch of deliverables is to get that proof of concept into the marketplace, making sure we are supporting all of the claims we are making. After that, the next phase is to scale to a much larger number of subscribers,” Kijewski said. He’s immersed in what he’s doing. “I was up at 5:45 a.m. today, and I was excited to wake up and get started. All in all, it is the most exciting job I could have.”

Plenty of would-be entrepreneurs have come up with solid ideas for new products and services, but ones who can transform a good idea into a fundable company are rare. Kijewski had the winning combination of a solid concept, an entrepreneurial mindset, a track record of success and an impressive network of collaborators and mentors who trusted and believed in him, including Kurtzman.


He also had the background and drive to succeed. A former high school physics teacher, Kijewski enjoyed writing software to make his own job run more smoothly. After a teachers union leader warned him he was making other teachers look ineffective, he left for graduate school to specialize in medical physics, a discipline that applies physics to imaging and radiation cancer treatments.


Kijewski’s all-important network of backers and collaborators had formed during and after his graduate studies at the University of Pennsylvania. That’s where he met Kurtzman, managing director of Safeguard Scientifics, a publicly traded growth capital provider to early- and growth-stage companies. “He’s very much my career mentor,” Kijewski said.


Kurtzman said his confidence in Kijewski’s ability developed in that Wharton lecture hall. Kurtzman teaches a course on health care entrepreneurship: “Mike wrote a business plan for software to help radiation physicists do their job,” Kurtzman recalled. “He came in as a student with no business background, wrote that business plan, got an A in the class and also got into Wharton.”


Kurtzman, a physician by training, started his professional life as an internist with a hematology subspecialty. His initial business successes came during the years he worked as a virologist for Gilead Sciences, at the time a pre-IPO biotechnology company whose first blockbuster product was the anti-influenza drug Tamiflu. Twelve patents, 40 research articles and book chapters and multiple startups-to-acquisitions later, Kurtzman has developed a keen talent for cultivating solid, fundable ideas and, especially, the talented people capable of bringing them to fruition.


Building a network


Kurtzman’s investment in Kijewski’s first company, Gamma Basics, had gone well. Kijewski had started Gamma Basics in 2009 with a Philadelphia-based computer scientist, Eric Pancoast. In an archetypical “scrappy startup story,” the two met through a Craigslist ad. Pancoast, a recent computer science graduate, spotted an advertisement seeking software programmers. Kijewski, a poor college student, had posted it.


“My ad on Craigslist said, ‘Penn grad student looking for software programmers.’


All responses came from outside the United States, with the exception of Eric’s,”

Kijewski recalled. The two agreed to meet at the notorious Philadelphia dive bar Sugar Mom’s. “I could have been lured into a trap and wound up in somebody’s trunk, but we ended up starting the company together basically there, that night,” Kijewski said, laughing.


The company they sketched out on the bar would develop software solutions for a niche of medical physics that had been overlooked and underserved by larger vendors. Nearly five years later, in 2013, Kijewski and Pancoast sold their startup to Varian Medical Systems. When Kijewski approached Pancoast about launching a second company, Pancoast said he was too busy with other projects, so Kijewski tried to find someone comparable. He couldn’t.


“I interviewed 25 other CTO candidates. The best was only 25 percent as good as Eric. So we came up with a way for him to do it that worked with his schedule,” he said.


Because of the team’s successful track record, Kurtzman was open to new ideas they brought in. However, he wasn’t initially convinced about there being a market for medical device security providers, Kijewski recalled.


“I explained the notion that a medical device could be hacked. I said we could prevent that,” Kijewski said. “He was like, ‘Why would anybody hack a medical device?’”

I explained the notion that a medical device could be hacked. I said we could prevent that,” Kijewski said.

Finding the market


It’s a common first reaction for most reasonable people, one that medical device-makers themselves long held. After all, a pacemaker isn’t an ATM; a drug infusion pump doesn’t hold credit card or bank account information. What incentive would anyone have to interfere with one? It was 2014 and, at the time, no one had heard of Petya or WannaCry — ransomware attacks on hospitals that have become an urgent threat. No one realized that malware could disable imaging software or anesthesia equipment.


In hindsight, the risks were immense. Infusion pumps are ubiquitous hospital- and outpatient clinic-based medical devices that deliver adjustable doses of medication to patients. They’re used to deliver anesthesia to people undergoing surgery, labor-inducing drugs to women delivering babies, pain medication to people recovering from procedures, and chemotherapy drugs to people fighting malignancies, to name a few. There are millions of them in use. Nearly all connect to hospital information technology networks, feed data into patient records, send alerts to nursing stations and enable remote dosing changes. Overdoses could cause death.


Pacemakers, meanwhile, are thumb-sized, surgically implanted, battery-powered electrical devices that stimulate key nerves on the heart muscle with tiny electrical pulses calibrated to direct the heart’s pumping rate. Pacemaker-defibrillators can prevent sudden cardiac death by delivering a stronger shock in case of a life-threatening arrhythmia. Although they remain inside the body, they are connected via the internet or antenna, enabling physicians to see data about their patient’s heart’s pumping rate and rhythm, to assess whether adjustments are needed and to make the adjustments in office.


Twenty years ago, pacemakers had no connectivity. A physician needing to adjust the settings had to invasively insert a large needle into the patient’s armpit and snake manually controlled tools down to the device, creating an infection risk. Technological advances allowed that adjustment to happen via radio frequency communication. Unfortunately, while remote access has minimized the infection risk, it has opened new types of risks.


In 2007, a group of computer scientists based at the universities of Washington and Massachusetts hacked into one of the new-generation defibrillator-pacemakers in their lab. They created an antenna that listened to the device’s signals, “learned” its language and then instructed it to deliver a potentially heart-stopping jolt of electricity. The U.S. Food and Drug Administration said the study represented the first report of such a hack.


Growing dangers


At the time, Vice President Dick Cheney had a similar implanted defibrillator.

He later told “60 Minutes” that his doctor knew of the risk and advised having its wireless control disabled, because someone in a neighboring hotel room, given the right reprogramming device and expertise, could conceivably have caused Cheney’s wireless, radio-controlled device to kill him.


Once Kijewski started looking, “Suddenly, it seemed like every couple of months we’d hear about a medical device being hacked.”


In October 2011, notorious New Zealand “ethical hacker” Barnaby Jack elicited gasps from his audience at the Hacker Halted conference in Miami. Onstage, he demonstrated how he had commandeered a common insulin pump and forced it to deliver what would have been a lethal dose of insulin to a person with diabetes.


The insulin pump, much like defibrillator-pacemakers, relied upon a radio transmitter for physician control of patients’ doses.


Jack had written software and designed a special antenna that allowed him to take control of any and all of those devices within 300 feet, even if he didn’t know their serial numbers. His software exploited USB devices that had been released by the medical device’s manufacturer to enable doctors to monitor patients’ devices from their computers.


It was then that a movement to create a nonprofit safety alliance to advance medical device security launched, MDISS, the Medical Device Innovation, Safety and Security Consortium. The nation’s health care infrastructure depends upon safe and secure medical devices, organizers warned. Software malfunctions have been blamed for thousands of recalled infusion pumps and implanted medical devices, they noted. “Security breaches in the health care industry escalate each year and represent an increasing patient risk as the prevalence of networked medical devices increases.”


Movement to increase security


A decade has passed since the “ethical hackers” turned their attention to networked and externally controlled medical devices. Since then, hackers have found glaring security vulnerabilities in multiple devices, and ransomware attacks have infected hospital computer networks and the software that runs some medical devices. The FDA has issued multiple warnings and even recalls for security lapses.


Because medical devices tend to remain in use for a decade or more after they’re sold, these units remain on the market in large numbers. Some are upgradeable, but others are not, Kijewski said.


“You can buy used pacemaker interrogators on eBay for next to nothing. If you could get ahold of one of the things, you could go to an airport, get within 100 feet of people still using that type of pacemaker, and you could change the settings on that pacemaker,” Kijewski said.


By 2014, Kijewski went into high gear. He connected with Brett Hemenway, a research assistant professor in the department of computer and information science at the University of Pennsylvania whose expertise was in using mathematical tools to create secure and robust information systems — exactly what Kijewski needed. “Brett and I met in Philadelphia. I outlined what the solutions to the problem should be, and we came up with a concept.”


Meanwhile, medical device security vulnerabilities finally had the full attention of the FDA. In July 2015, the agency urged health care providers to find alternatives and discontinue use of a group of medical infusion pumps, the Symbiq Infusion System by Hospira, because ethical hackers found they could gain control of and change the dosage the pump delivered.


Soon after, Kijewski and Brett presented their business plan to Kurtzman at Safeguard. “I asked if we were far enough to do a seed round, and he said yes.”


Their timing couldn’t have been better. The FDA was issuing draft guidance for how security of network- connected medical devices should be maintained over the life of the devices. The draft was finalized a year later. Although the guidance was voluntary, at that point, medical device-makers were on notice that they should “bake in” security planning of connected devices and have a way to monitor, detect and mitigate attacks over the life of the devices. They should test devices for vulnerabilities before release to the marketplace and be able to deploy software patches quickly when new threats appeared.


Timing plays an important role


That need for post-market surveillance was MedCrypt’s sweet spot — its very business model. Kijewski, Hemenway and Pancoast started building their software. The computer industry had developed a culture of continual improvement of their already-sold products — release, update, update, update — but it was an unfamiliar zone for some medical device-makers.


“These devices are sold largely as single-sale devices, or ‘You can buy a service contract and then we will pick up the phone if there’s a problem,’” Kijewski said. “There isn’t a notion that, ‘We will be responsible for the security of this device for the next 15 years.’”

But in the Internet of Things era, as device vendors have added connectivity, the manufacturers haven’t all come to terms with the fact that they’re essentially becoming internet companies, he said. He predicts the device- makers will move to an equipment-rental model. “You need to keep up with what’s going on here. There is a business model change that needs to happen with device manufacturers.”


Kijewski said MedCrypt’s biggest challenge so far is that many of the medical devices already on the market lack the memory and processors needed to accept continuous software patches. Another challenge is adapting their system to the various system architectures used by medical device-makers. The innovation of the company isn’t so much its code as its method of integrating that code with manufacturers’ medical devices, he said.


“Our code utilizes open source cryptography code, like OpenSSL, and we use different versions depending on the scenario. But the way we integrate that into a medical device is not open source,” Kijewski said. “We identified early on there were probably six or seven common architectures that medical devices use. We do development for each of those stacks.”


Taking the company’s product out into the marketplace has been interesting, he said. He’s encountered a mix of responses from manufacturers depending on their size, their preparedness and even the generation of the engineers he meets.


“What we are saying is, device-maker, you are having a hard time servicing your devices,” Kijewski said. “Let us give you 20 lines of code to put into your application. Then, when your device is out in the field, we can monitor your device, issue patches when necessary, and we can update the MedCrypt part without affecting the device logic.”


The biggest challenge is reassuring medical device-makers that a seven-person startup will have the staying power they need, he said. Kijewski said he’s not going anywhere.


“I think there’s a big need here in the marketplace, and there is a plausible path for us to become one of these big health care security companies,” he said.


Varied responses


Kurtzman, now MedCrypt’s chairman, agreed. Medical devices haven’t had their “Tylenol moment,” a high-profile disaster that must be rapidly responded to, he acknowledges. Hopefully, it will never come. But 2016 saw something terrifyingly close, the emergence of highly effective ransomware attacks that shut down hospital networks — and hospitals. By September 2016, MedCrypt announced that it had raised $750,000 in a seed funding round led by Safeguard Scientifics and several angel investors, including ThingWorx, the Wharton Alumni Angel Network, the former chair of radiology at the University of Calgary and the CIO of Christiana Care Health System.

In 2017, MDISS was deploying a network of medical device safety testing laboratories around the nation, to “focus on identifying and mitigating medical device vulnerabilities, sharing solutions and best practices, and device security education and awareness.” MedCrypt’s technology was designed to take advantage of the findings and rapidly deploy such solutions.


Meanwhile, the ransomware threat, reportedly spread by North Korea, finally reached medical devices. Medrad devices made by Bayer, devices that administer contrast agent used in imaging, had become infected during one of the attacks. Bayer quickly had to issue security patches to its customers, in a rapid response similar to MedCrypt’s service model. The future of medical device security is clear: Catching threats early and patching them quickly is a must.


“Hopefully the catastrophic moment will never happen,” Kurtzman said. “But who would have imagined the recent events at Equifax?”