Medtronic partners with cybersecurity startup Sternum to protect its pacemakers from hackers

If you think cyberattacks are scary, what if those attacks were directed at your cardiac pacemaker? Medtronic, a medical device company, has been in hot water over the last couple of years because its pacemakers were getting hacked through their internet-based software updating systems. But in a new partnership with Sternum, an IoT cybersecurity startup based in Israel, Medtronic has focused on resolving the issue.

The problem was not with the medical devices themselves, but with the remote systems used to update the devices. Medtronic’s previous solution was to disconnect the devices from the internet, which in and of itself can cause other issues to arise.

“Medtronic was looking for a long-term solution that can help them with future developments,” said Natali Tshuva, Sternum’s founder and CEO. The company has already secured about 100,000 Medtronic devices.

Sternum’s solution allows medical devices to protect themselves in real time.

“There’s this endless race against vulnerability, so when a company discovers a vulnerability, they need to issue an update, but updating can be very difficult in the medical space, and until the update happens, the devices are vulnerable," Tshuva told TechCrunch. "Therefore, we created an autonomous security that operates from within the device that can protect it without the need to update and patch vulnerabilities.”

However, it is easier to protect new devices than to go back and protect legacy devices. Over the years hackers have gotten more and more sophisticated, so medical device companies have had to figure out how to protect the devices that are already out there.

“The market already has millions — perhaps billions — of medical devices connected, and that could be a security and management nightmare,” Tshuva added.

In addition to potentially doing harm to an individual, hackers have been taking advantage of device vulnerability as the gateway of choice into a hospital’s network, possibly causing a breach that can affect many more people. Tshuva explained that hospital networks are secured from the inside out, but devices that connect to the networks but are not protected can create a way in.

In fact, health systems have been known to experience the most data breaches out of any sector, accounting for 79% of all reported breaches in 2020. And in the first 10 months of last year, we saw a 45% increase in cyberattacks on health systems, according to data by Health IT Security.

In addition to Sternum’s partnership with Medtronic, the company also launched this week an IoT platform that allows, “devices to protect themselves, even when they are not connected to the internet,” Tshuva said.

Sternum, which has raised about $10 million to date, also offers cybersecurity for IoT devices outside of healthcare, and, according to Tshuva, the company focuses on areas that are “mission-critical.” Examples include railroad infrastructure sensors and management systems, and power grids.

Tshuva, who grew up in Israel, holds a master’s in computer science and worked for the Israeli Defense Force's 8200 unit — similar to the U.S.’s National Security Alliance — said she always wanted to make an impact in the medical field. “I looked to combine the medical space with my life, and I realized I could have an impact on remote care devices,” she said.