According to Department of Health and Human Services. Royal and BlackCat are two groups that have been particularly active against healthcare organizations in recent months, the department warned in its latest threat shortreleased last week.
So what risk management software are healthcare systems using to protect themselves from these dangerous threats?
Health systems across the country are joining Censinet’s platform, and some are even investing in the Boston-based startup. Last week, four health systems – MemorialCare, Ballad Health, Cedars-Sinai and UNC REX Healthcare — participated in Censinet’s $9 million funding roundbringing the company’s total funding to date to more than $22 million.
Censinet was founded in 2017 by CEO Ed Gaudet shortly after he left the healthcare IT security company The imprivata. While working at Imprivata, Gaudet noticed that each health system’s process for assessing cybersecurity risk was different, he said in an interview.
Because risk assessment forms vary between organizations, healthcare providers do not have a standard way of understanding the cybersecurity risks of the different providers they partner with. The lack of standardization means that some providers may not have the right protocols in place to capture all the risks that may be associated with the products and services they use. This is problematic because a medical device affected by ransomware can lead to adverse events or even death for the patient, Gaudet pointed out.
He created Censinet to solve that problem — the startup’s mission is to “eliminate cyber risk to patient safety and care operations,” Gaudet said.
The company’s flagship product called RiskOps, is a cloud-based secure risk exchange network. It enables healthcare organizations to share and manage risk data to strengthen cybersecurity planning.
“Transparency is the enemy of risk. It’s the unknown that gives you the most trouble,” Gaudet said. “We need an exchange that connects health systems with their digital partners—whether they’re infrastructure providers, software, clinical software, medical devices, or third-party service providers.”
If RiskOps identifies a risk related to a particular product the healthcare system uses, the platform gives the provider an action plan to address the problem.
About 40 health systems pay to use Censinet’s platform, including Massachusetts General Brigham, Cedars-Sinai, Intermountain Healthcare, Dana-Farber Cancer Institute, Marshfield Clinic Health System and Dayton Children’s Hospitalsaid Gaudet.
While notable healthcare systems have adopted Censinet’s platform, the company is certainly not the only provider of cybersecurity risk management solutions. Some competitors include Vanta and RFPIO. Gaudet believes Censinet stands out for the following reasons.
Censinet’s platform is uniquely built for healthcare companies, while many other cybersecurity vendors sell their software to organizations across all industries. RiskOps is designed to meet the comprehensive needs of healthcare providers — the platform provides risk management modules for medical devices, supply chain, enterprise solutions, third-party service providers, institutional review boards, internally developed software, integration projects and related practices.
Another distinguishing feature, Gaudet said, is that the startup’s risk catalog is larger than that of its competitors — the platform contains risk information for more than 34,000 suppliers and products. Censinet can provide risk assessments faster than any of its competitors, he said. He said RiskOps can typically provide a risk assessment for a vendor or product as quickly as a click.
That speed is likely to be attractive to healthcare systems as Censinet looks to win over new customers — the need to protect against cyber threats is as urgent as ever. When it comes to the risk of vendors facing a ransomware attack, “it’s no longer a question of if — it’s a question of when,” Gaudet said.
Photo: chombosan, Getty Images