enterprisesecuritymag

Nova Leah: Reinforced Medical Device Security


Anita Finnegan, CEO, Nova Leah

The cost of a data breach for healthcare organizations continues to rise; what was $380 per record in 2017 became $408 per record by the end of last year. Medical data is undoubtedly a soft target, ripe for the picking. Network-connected medical devices are a significant security vulnerability in and of themselves, meaning that they contribute a great deal to the damages caused by data breaches.

“With new regulatory guidance being developed by FDA, medical devices manufacturers will need to prove that their devices are secure...” This is one of the opening lines of the paper “A Security Argument Pattern for Medical Device Assurance Cases,” published in 2014 and co-authored by Anita Finnegan, founder of Nova Leah. Her company has implemented the security framework proposed in that paper as its flagship product, SELECTEVIDENCE. The FDA published its first regulation on medical device cybersecurity in 2012 and a subsequent one in 2014, and it has already started revising those regulations, which shows how much emphasis the agency places on medical device security in the marketplace. A cybersecurity risk management compliance solution, SELECTEVIDENCE checks every line item of the FDA pre- and post-market cybersecurity guidelines to establish an accurate picture of the regulatory aspects of medical device cybersecurity. Nova Leah goes further in improving an organization’s security posture by feeding a manufacturer’s software bill of materials (sBoM) into SELECTEVIDENCE, which then continuously monitors that sBoM to identify associated vulnerabilities, identify controls or patches where available, and provide a tool for establishing the risk level. Nova Leah’s objective is to ensure that existing software and system development teams in the medical device industry can use SELECTEVIDENCE to perform the work that a cybersecurity engineer would do.

SELECTEVIDENCE serves as an easy-to-use turnkey solution, i.e., the definitive medical device cybersecurity framework.


At the same time, the product offers a number of customizable features that manufacturers can adjust to suit their business processes, such as the way they evaluate cybersecurity risks. While some prefer a qualitative method that assesses risks on a high-medium-low classification, others may choose the Common Vulnerability Scoring System (CVSS), an approach often recommended in critical infrastructure domains. Additionally, the solution can take historical data as input if manufacturers have already carried out cybersecurity risk assessments for vulnerability monitoring in the past. The application is supported by interlinked repositories of threats, vulnerabilities and security controls, which makes it intelligent and intuitive. “If SELECTEVIDENCE identifies one threat, it can then see all potential vulnerabilities that could realize these threats and then a catalogue of controls that could mitigate the risk,” states Anita.

With regulations and best practices changing frequently, Nova Leah is continuously evolving SELECTEVIDENCE in line with these expectations. The FDA has now drafted the premarket cybersecurity documents, and one of the key goals for Nova Leah is to stay on top of regulation and best practices so that their customers never need to worry. The primary driver for Nova Leah is the importance of intelligence and knowledge sharing to capture data from the industry, as and when it becomes available so that it may be shared with customers.

Company: Nova Leah

Headquarters: Dundalk, Republic of Ireland

Management: Anita Finnegan, CEO

Description: Nova Leah specialises in cybersecurity risk management software solutions for the medical devices and healthcare industry

Nova Leah News

Nova Leah and Dundalk IT secure €3.7m in funding

Dundalk IT and spin-out company Nova Leah have received funding for two projects in the areas of medtech and connected health cybersecurity.

Nova Leah is a medical cybersecurity specialist company that started as a spin-out from Dundalk IT. In late 2018, the company raised €2.25m in a funding round to improve the security of connected devices used by healthcare providers.

Now, the educational body and the start-up have together secured €3.7m in total funding to support two industry projects aimed at driving disruptive innovation in the areas of medtech and connected health cybersecurity.

The projects were confirmed as part of the Government’s Disruptive Technology Innovation Fund, a €500m fund established under the Project Ireland 2040 capital investment plan.

The first project aims to develop a hosted software platform that will facilitate the timely sharing of security-related information across the medical device and healthcare industry, to enhance the security posture of the industry as a whole. This project will receive €1.5m in funding. Co-founder of Nova Leah, Dr Fergal McCaffrey, said this funding will allow the company to advance its capabilities in AI, data analytics and blockchain techniques, to enhance how healthcare providers can manage and prevent security-related incidents for their medical devices.

The second project, entitled Medical Imaging Ireland, is a broader collaboration between Dundalk IT, Nova Leah, IBM Ireland, University College Dublin and Davra Networks. This will disrupt the Irish medical imaging market by delivering a platform with enabling technologies that can host, manage, process, and analyse image and text data.

Peter Finnegan, co-founder of Nova Leah, said this project will be essential for many patients. “One in two people will be diagnosed with cancer during their lifetime, and four in five will suffer from cardiovascular diseases. These disease types, and at least 15 others, are diagnosed and managed using complex imaging modalities that produce both structured and unstructured data at an ever-increasing volume and velocity,” he said.

“Medical Imaging Ireland will provide a much-needed technology solution for the market to host, manage, process and analyse this data.”

Speaking today (4 March) about the funding announcement, Dundalk IT president Dr Michael Mulvey said Nova Leah is a fantastic success story that has already established a reputation as a world leader in the provision of cybersecurity solutions for medical device manufacturers and healthcare providers. “We are delighted to continue our relationship with Nova Leah through research collaboration to develop technological advancements in medtech,” he said.