In the development of technology to prevent defibrillators, pacemakers and other connected medical devices from being maliciously hacked, Dundalk start-up Nova Leah is leading the field globally.
It has been first to market with an intelligent software tool which can carry out a risk assessment and ensure that manufacturing companies produce devices which comply with cyber-security requirements set out by regulatory bodies. Since launching on the market in June last year, it has been targeting the $133bn US medical device market.
Medical device hacking has provided plots for both books and movies, but according to Nova Leah founder Dr Anita Finnegan, it is not just the stuff of fiction. “Although there have been no reports of patient harm due to cyber attacks, researchers have openly demonstrated that connected devices including insulin pumps, pacemakers and defibrillators can be hacked,’’ she said.
She also said it is the awareness by the Federal Drugs Authority (FDA) in the US, the largest medical devices market in the world, of the vulnerability of devices, that is now driving the market. “The FDA is insisting that manufacturers address the risk and has published guidelines for cyber-secrity risk management.” The vulnerability of connected devices to hacking, she explains, has occurred because of the fact that medical device technology has developed faster in recent years than the cyber technology required to ensure its safety.
Dr Finnegan is a recognised expert in the medical device cybersecurity domain who has authored two international medical device cybersecurity standards. Her PhD research involved developing a framework for establishing confidence in the security of medical devices. Working at Dundalk Institute of Technology Enterprise, she subsequently secured commercialization funding from Enterprise Ireland to develop a cybersecurity risk analysis system for the medical devices industry.
In 2016, she licensed this technology, called Select Evidence, from Dundalk Institute of Technology and set up Nova Leah as a spin-out at an incubation centre on campus. Taking on two co-founders - including her PhD supervisor and director of software research centre Fergal McCaffrey — she secured seed investment from COSIMO Venture Partners.
“The software was commercially ready when we launched in June. Since then, we piloted it with some leading medical device companies to bring it in line with their requirements,’’ said Dr Finnegan.
Explaining that SelectEvidence guides medical device manufacturers through cyber-security processes during design, development and maintenance, she said it operates by identifying security vulnerabilities and finding appropriate security requirements to mitigate risk. Given that it is the FDA in the US which is at the forefront of ensuring that medical device manufacturers address cyber-security issues, Nova Leah is now focusing all its attention on the US market. As the first to market with a cyber-security risk management tool, Dr Finnegan sees huge opportunities for the company and plans to grow sales aggressively.
“Our aim is to start with the US market and then roll-out in Asia and Europe over the next three years,’’ she said, adding that once cybersecurity regulations have been introduced in the US, the rest of the world can be expected to follow suit.
In the last year Nova has carried out pilot projects with four of the world’s leading global medical device manufacturers and is now in the process of signing licensing agreements with its first two customers — two large medical device companies in the US.
The company now employs four people, including a sales person in the US who started in recent weeks. “We have now recruited two more and aim to have a staff of 12 by the end of the year.
By 2021, we will have scaled up to a total of 70, by which stage we expect to be ready to exit,’’ said Dr Finnegan.
This year the company plans to raise between €2m and €3m in funding to grow the business and is set to receive High Potential Start-Up investment from Enterprise Ireland.