EMERGO by UL, a global medical device and healthcare technology consultancy, and San Diego-based healthcare cybersecurity developer MedCrypt announce an alliance that offers comprehensive cybersecurity regulatory affairs, quality management, and technical solutions for medical device manufacturers.

The companies’ collaboration will help manufacturers address requirements from the U.S. FDA as well as other market regulators for cybersecurity risk management and mitigation capabilities of connected medical devices and systems.

In 2018, the FDA released its pre-and post-market guidelines that outline issues manufacturers need to consider in the design and development of their medical devices to ensure cybersecurity vulnerabilities are adequately addressed. The post-market guidance outlines a risk-based framework to ensure manufacturers could quickly respond to new threats once a device is in use.

Under this new mutual referral agreement formed by EMERGO by UL and MedCrypt, the two companies will refer prospective clients to one another and co-market their cybersecurity software solutions, consulting, and risk management services to ensure clients understand and meet the FDA’s requirements.

“While the healthcare industry has made significant strides when it comes to cybersecurity, the increase in targeted attacks in the last year alone shows us there is still significant work to be done to make security a top priority,” says Mike Kijewski, MedCrypt’s CEO. “Healthcare companies and vendors are challenged with determining how to continue to innovate and deliver clinical therapies—but doing so while being secure.

He adds, “This collaboration with EMERGO by UL provides our combined networks of customers with a wider set of services that together ensure security is designed into a device throughout its entire lifecycle, which is the best bet we have at moving the needle for better healthcare security.”

Since late 2009, The U.S. Department of Health and Human Services has required the reporting of data breaches that affect more than 500 patients. The data since then shows a year-over-year increase of reported breach incidents by 23% with hacking incidents now accounting for two-thirds of reported breaches. Additionally, medical device vulnerabilities that are reported regularly by ICS-CERT notes a 109%, year-over-year, increase of newly disclosed vulnerabilities.

MedCrypt currently provides enhanced security features for medical products produced by Accuray, Liberate Medical, RefleXion, and more.