Medcrypt: Mitigating Medical Device Weaknesses via Vulnerability Management

Additional Info

CompanyMedcrypt
Websitehttps://medcrypt.com/
Company size (employees)50 to 99
Headquarters RegionNorth America

Overview

Medcrypt is a proactive cybersecurity solutions provider for medical device manufacturers (MDMs) and offers a comprehensive suite of products and services designed to support MDMs in navigating the complex landscape of cybersecurity within the healthcare industry. Medcrypt’s expert team collaborates with clients to develop tailored roadmaps, conduct thorough technical and regulatory assessments, and recommend appropriate technologies, tools, services, or remediation plans to ensure compliance with the US Food and Drug Administration’s (FDA) stringent security standards, both pre-and post-market.

Key Capabilities / Features

FDA’s release of its Final Cybersecurity Premarket Guidance in September 2023 along with the agency's new legal authority under Section 524B of the FD&C Act is shifting the industry's focus towards a more secure future and underscoring the need for a comprehensive cybersecurity strategy for regulatory approval. Medcrypt analyzes the implications of rejected market approval applications and deficiency letters issued by the FDA, thus helping Medcrypt and its customers to fine-tune their regulatory approach and advocate for a proactive approach to cybersecurity, recognizing the impact on patient safety. This is exemplified by Medcrypt's recent achievement, the 2023 Digital Health Award for Best in Class in Patient Safety.


Beyond its FDA Services, Medcrypt's innovative product portfolio, including Guardian, Helm, and Canary, addresses crucial healthcare cybersecurity challenges. Guardian seamlessly and easily integrates cryptographic functions into device software, addressing certificate provisioning and reliable cryptography configuration. Helm is a tool that helps device vendors manage their software bill of materials and track vulnerabilities. It specializes in pre-and post-market vulnerability management, especially for medical devices. Helm has features tailored to the medical industry and FDA guidances, including automated CVSS rescoring and streamlined FDA reporting. It helps MDMs focus on high-risk vulnerabilities and optimize their cybersecurity efforts. Canary captures medical device behavior data, giving you visibility into potential security-related incidents even for devices with limited connectivity.


How we are different

- Medcrypt's early (2016) recognition and dedication to medical device cybersecurity established the company as a pioneering industry leader, being among the first to acknowledge the importance of and focus on securing medical devices. Their foresight, and government acknowledgment, reflect a commitment to securing medical devices that go beyond market trends.


- Medcrypt is led by cybersecurity, regulatory, and medical device industry veterans, which has positioned the company as a leader in the crowded medical and health technology industry. Mike Kijewksi, the CEO, is a former founder of Gamma Basics along with co-founder and current Medcrypt CTO Eric Pancoast, a radiation oncology-focused software startup that was acquired by Varian Medical Systems in 2013. Axel Wirth, the Chief Security Strategist, has over 30 years of experience in the field. He co-authored the first textbook on medical device cybersecurity for engineers, highlighting his expertise and commitment to addressing the unique challenges in this space. Naomi Schwartz, VP of Services, brings a wealth of experience from her six-and-a-half-year career as a premarket reviewer and consumer safety officer for the FDA, further strengthening Medcrypt's capabilities in navigating regulatory landscapes. Seth Carmody, the VP of Regulatory Strategy, spent eight years at the FDA, architecting technology policies, including the development of the pre-and post-market guidances before joining Medcrypt. The team’s diverse background demonstrates a holistic understanding of the challenges in the medical and health technology sector.


- Medcrypt’s portfolio closely aligns with the FDA cybersecurity recommendations, providing clients with a roadmap that enables them to efficiently meet regulatory and compliance expectations. Medcrypt’s deep understanding of evolving FDA policies enables them to develop actionable implementation plans and deliver easy-to-implement security technologies that ensure the best practices of cybersecurity in medical devices are met.