Healthcare cybersecurity company MedCrypt has acquired cybersecurity information-sharing organisation MedISAO for an undisclosed amount.
The acquisition enables MedCrypt to offer MedISAO’s solutions alongside its flagship software products.
These include MedISAO’s information-sharing analysis network for small and midsize business (SMB), the Cyber Protek Software Bill of Materials (SBoM) and dependency vulnerability management tool.
As part of the deal, MedISAO founder Daniel Beard will join the MedCrypt team.
MedCrypt CEO Mike Kijewski said: “It can take anywhere from six months to a year for a new medical device to get its 510(k) clearance from the FDA.
“Our goal is to help device manufacturers meet the requirements from the FDA’s premarket and postmarket cybersecurity guidance, and MedISAO’s information-sharing organisation and Software Bill of Materials tool help us do just that. Together, we are helping manufacturers bring critical medical devices to market more quickly, reliably and safely.”
The Food and Drug Administration (FDA) encourages medical device manufacturers to participate in a vulnerability sharing under its postmarket cybersecurity guidance. MedISAO is one of the three information-sharing and analysis organisations that were formed to meet this recommendation from the regulatory agency.
MedISAO members are provided with weekly vulnerability advisories, coordinated vulnerability disclosure forms and access to a vulnerability database with custom filters.
The Cyber Protek solution offers clients access to an SBoM generation tool and enables them to evaluate vulnerabilities that affect their device and use its medical device management platform.
Daniel Beard said: “I initially created MedISAO to help fill the information-sharing gap among smaller medical device manufacturers that were just getting started with cybersecurity. As demand for our platform grew, we realised our customers were in need of a Software Bill of Materials tool as well, so we created Cyber Protek.
“Joining MedCrypt will help both companies’ customers to expedite, manage and demonstrate cybersecurity compliance, increasing security and decreasing the time it takes for life-saving devices to market.”
Following the acquisition, MedCrypt and MedISAO will work together to enhance medical device cybersecurity across the healthcare space. The merged entity will also continue to collaborate with industry partners, including Health Information Sharing & Analysis Center (H-ISAC).