San Diego-based MedCrypt Inc., a provider of security solutions for the healthcare space, announces the acquisition of MedISAO, a cybersecurity information-sharing organization dedicated to supporting the medical device industry. 

MedCrypt is now offering MedISAO’s information sharing analysis network for small and midsize business (SMB), as well as its Cyber Protek Software Bill of Materials (SBoM) and dependency vulnerability management tool, alongside MedCrypt’s flagship software solutions. MedISAO’s founder, Daniel Beard, will also join the MedCrypt team in integrating and expanding the platforms.

“It can take anywhere from six months to a year for a new medical device to get its 510(k) clearance from the FDA,” says Mike Kijewski, MedCrypt CEO. “Our goal is to help device manufacturers meet the requirements from the FDA’s premarket and postmarket cybersecurity guidances, and MedISAO’s information sharing organization and Software Bill of Materials tool helps us do just that. Together, we’re helping manufacturers bring critical medical devices to market more quickly, reliably, and safely.”

In its postmarket cybersecurity guidance, the FDA encourages medical device manufacturers to participate in a vulnerability sharing organization. MedISAO is currently one of only three information sharing and analysis organizations that was created to meet this recommendation from the FDA.

“I initially created MedISAO to help fill the information sharing gap among smaller medical device manufacturers that were just getting started with cybersecurity. As demand for our platform grew, we realized our customers were in need of a Software Bill of Materials tool as well, so we created Cyber Protek,” says Daniel Beard, founder of MedISAO. “Joining MedCrypt will help both companies’ customers to expedite, manage, and demonstrate cybersecurity compliance, increasing security and decreasing the time it takes for life saving devices to market. I’m thrilled to join the innovative team at MedCrypt.”

MedISAO members receive weekly vulnerability advisories, coordinated vulnerability disclosure forms, and access to a vulnerability database with custom filters. Members who purchase Cyber Protek gain access to an SBoM generation tool, can analyze for vulnerabilities that affect their device, and benefit from a medical device management platform.

 MedISAO and MedCrypt see this as an opportunity to advance the state of medical device cybersecurity and look forward to continued collaboration with industry partners, like the Health Information Sharing & Analysis Center (H-ISAC).