The PEHub | By Tom York
Healthcare certainly doesn’t get a very clean bill of health when it comes to data breaches.
One report from the Ponemon Institute, sponsored by IBM Security, says the sector lost $6 billion in 2016 due to data breaches.
Given this large and embarrassing loss, the sector is clamoring for help from software vendors, especially from new companies with workable solutions.
Sean Cunningham, managing director at ForgePoint Capital in San Mateo, California, says the fact that a wide range of users, from doctors and nurses to third-party insurers, must have access to records only increases the vulnerability of patient security and makes solutions harder to find.
“Healthcare is about flow of patient records, so you just can’t interrupt that,” Cunningham said. “That’s why the timely authentication of users on a network is paramount.”
In May, ForgePoint participated in a $3 million seed round in Trusted Key Solutions, a Seattle company trying to utilize blockchain technology to establish user identity on any enterprise network, including healthcare.
Seattle-based Founders Co-Op led the round, with participation from PithiaFunds, also in Seattle, which focuses on blockchain tech investments and is connected to the RChain Cooperative.
Cunningham says ForgePoint doesn’t normally do seed deals, but thought that the company merited the early investment, given the need to hit back at hackers in all business sectors.
ForgePoint is investing from a $300 million first fund, he said, with average deal sizes ranging from $8 million to $15 million.
In 2016, ForgePoint co-led a $27.5 million venture round in ID Experts in Portland, Oregon. Connecticut-based private equity firm Peloton Equity also led, with existing investors BlueCross BlueShield Venture Partners and the Sandbox Advantage Fund taking part.
ID Experts performs what is called remediation after a breach, helping healthcare systems notify patients whose records have been taken and doing the other unpleasant tasks after a hack.
“They’re the only company out there right now that does anything with medical records,” he said.
One potential entry point for unwanted intrusions is medical devices, such as EKG and MRI machines, which use different software protocols depending on the vendor.
The lack of standardization is a hack waiting to happen, says one VC.
In late 2017, YL Ventures, which has offices in Tel Aviv and Marin County, California, led a $5.4 million seed round in Medigate, which is developing industrial-strength embedded software necessary to shield devices within sprawling networks. Blumberg Capital in San Francisco participated in the round.
Ofer Schreiber, a YL partner and head of the Israeli office, said healthcare differs from other sectors, such as manufacturing and automotive, when it comes to protecting so-called embedded devices.
“There is no one size fits all solution,” Schreiber said. “Each device [and every] medical equipment requires specialization, and a deeper understanding of how to provide protection.”
“Traditional IT vendors unfortunately don’t have products to protect these devices,” he added.
He said data security company Palo Alto Networks began selling Medigate’s medical device cybersecurity app in May to its healthcare customers.
Bob Ackerman, co-founder and managing director at AllegisCyber in San Francisco and a major investor in DataTribe, a Maryland startup studio, says he’s invested in several companies pursuing products that work with healthcare as well as other sectors.
In late 2017, the firm participated in a $1.5 million seed round in ReFirm Labs in Baltimore, which is developing security products and firmware validation for IoT equipment, often located at the edges of system networks and thus more vulnerable to intrusions.
Ackerman says ReFirm Labs is developing software that should be a good fit for healthcare because so many doctors, nurses and other providers in healthcare are accessing the network using smartphones, tablets and handheld monitors.
“This is the big, big vulnerability in healthcare right now,” he said.
In November 2017, DataTribe invested in a $4 million round in Enveil, a suburban Washington, D.C., company that is using a process known as homomorphic encryption to shield data interactions across a network. Other participants in the round included corporate investors Bloomberg Beta and Thomson Reuters, as well as In-Q-Tel, the venture arm of the CIA.
“This has very specific relevance to protecting patient records,” he said. “They’re in the business of trying to save lives, so they haven’t grown up with a bullseye on their back like financial services,” he added.
“Hackers can easily monetize a patient record,” Ackerman said. “It is exponentially more valuable than a credit card number. If you can get your hands on a medical record, you can duplicate an identity that’s worth five times the cash than a credit card on the Dark Web.”
Tom York is a San Diego-based contributor.