The company’s co-founder and CEO Anita Finnegan explains how its Irish advantage has driven Nova Leah from a college spin-off to a global player in just a few months.
In May of last year, as the Wannacry ransomware attack swept the world, Britain’s National Health Service declared a “major incident”. Computer networks were shut down in order to curtail the spread of the attack, as hospitals were forced to divert ambulances, cancel out-patient services and even postpone a number of elective surgeries.
Medical devices, from MRI’s to pumps to pacemakers, all rely to some extent on wireless monitoring. While that has given doctors and medical professionals an unprecedented ability to oversee their efficiency, it has also given rise to the very real concern that they could be vulnerable to attack.
Minimise risk but maximise benefits
Nova Leah, a cybersecurity start-up based out of Dundalk IT in Ireland’s northeast, was spun out from the college in June 2016 – but its tender age is no indication of modest ambitions. The team, led by CEO and co-founder Anita Finnegan, is ready to disrupt the global healthcare sector.
Finnegan says that the company wants to minimise the risks of rapidly evolving medical technologies, in turn allowing the health sector to maximise their benefits.
“While the increased use of wireless technology and software in medical devices also increases the risks of potential cybersecurity threats, these same features also improve healthcare – and increase the ability of healthcare providers to treat patients,” she explains.
“Because cybersecurity threats cannot be completely eliminated, manufacturers, hospitals and facilities must work together to manage them.”
That’s where Nova Leah comes in.
“Medical devices come from an industry that essential forgot about security,” she says.
“For the last 10 or 12 years, more and more devices in a hospital setting have been connected to a network. Many devices on the market have known vulnerabilities and these are devices are connected to patients that rely on them to keep them safe.
But the threat goes far beyond individual devices; these weaknesses could, she says, be exploited to gain wider access across an IT network system.
“A weakness in a device could take down a network or make the devices on a network inaccessible. Hospitals and administrators don’t know always necessarily know what devices are on their networks, and this is partly because of a lack of standardization around hospital procurement.”
“Patients can be at risk.”
Three steps to success
Working with device manufacturers on an end-to-end basis – before, during and after the manufacturing process – Nova Leah provides value to customers by minimising risks, aiding the approval process, and ensuring the devices remain impervious to new vulnerabilities and threats once they are in use.
This innovative approach minimises and manages risk right throughout the process.
“Our system helps companies discover potential vulnerabilities in their products during the development lifecycle,” explains Finnegan.
“Then, after the device goes to production, manufacturers can rely on SelectEvidence® to inform them of any new vulnerabilities or threats to the devices. This can help in terms of gathering compliance-related evidence while taking the process a step further into continuous monitoring.”
Much like a home alarm that has always-on monitoring, SelectEvidence® checks the latest vulnerabilities and alert device manufacturers to these should they be applicable. For example, manufacturers who used Intel chips affected by the Meltdown and Spectre vulnerabilities early in the year would have been notified of the flaw within a short time-frame.
The system would also have directed users to a potential fix for their issue.
SelectEvidence® is useful for manufacturers for a number of reasons beyond the immediately obvious – including time. Anita estimates that clients can save 80% of time spent testing in the pre-market stage and 90% in the post-market compared with traditional risk assessment practices.
The company also offers another commodity which is in scarce supply in the medical devices industry: cybersecurity expertise.
“We don’t have a wide array of subject matter experts in the industry, but companies can use our system in their existing frameworks with their existing teams.
“The system becomes the expert.”
The Irish Advantage
When Finnegan thinks of the advantages she has gained from being an Irish start-up, she thinks of Ireland’s excellent reputation in research, medical science and IT, which has allowed her to build a company that is at the vanguard of solving a major issue.
“My biggest advantage has been the ability to work in the Irish research ecosystem. I performed my research in the Regulated Software Research Centre at Dundalk Institute of Technology which is part of Lero, University of Limerick. And that incredible international recognition allowed me the opportunity to work with the international standards community and regulators. I also represent NSAI and Ireland as the medical device cybersecurity expert at international working groups. This has given me valuable exposure to many of the decision makers and influencers in this industry
“The Irish focus on research, and the reputation that brings, is really helpful.”
With the value of the digital health industry due to hit over $370bn within the next six years, it makes sense that Nova Leah is looking to the future – and just a few months ago, they announced a 78-person hiring drive over the next few years.
But Finnegan believes that there will be more to this expansion than just medical devices.
“For now, we’re looking at expanding into the broader healthcare market with solutions for hospitals. From there we will be looking at other safety critical domains. This could include the likes of autonomous cars.
“Right now, our focus is on the US, we’ll later expanding into Asia and Europe. It’s still an industry in it’s infancy.
Even so, Nova Leah has been successful in attracting a number of Fortune 300 clients – which indicates a bright future for this start-up, and for the healthcare industry at large.