4 Health Systems Invest in a Cybersecurity Startup as Threats Loom

Ransomware attack groups are continuing to target the healthcare sector and its wealth of valuable health data, according to the Department of Health and Human Services. Royal and BlackCat are two groups that have been especially active against healthcare organizations in recent months, the department warned in its latest threat brief, released last week.

So what risk management software are health systems using to protect themselves against these dangerous threats? 

Health systems across the country are joining Censinet’s platform, and some are even investing in the Boston-based startup. Last week, four health systems — MemorialCare, Ballad Health, Cedars-Sinai and UNC REX Healthcare — participated in Censinet’s $9 million funding round, which brought the company’s total funding to date to more than $22 million.

Censinet was founded in 2017 by CEO Ed Gaudet shortly after he left health IT security company Imprivata. While working at Imprivata, Gaudet noticed that each health system’s process for evaluating cybersecurity risk was different, he said in an interview. 

Because risk assessment forms vary between organizations, healthcare providers lack a standard way to understand cybersecurity risks across the various vendors with which they partner. The absence of standardization means that some providers might not have the right protocols in place to catch all the risks that could be associated with the products and services they use. This is problematic because a single ransomware-stricken medical device could result in adverse patient events or even death, Gaudet pointed out. 

He created Censinet to solve that issue — the startup’s mission is to “eliminate cyber risk to patient safety and care operations,” Gaudet said.

The company’s flagship product, called RiskOps, is a cloud-based secure risk exchange network. It allows healthcare organizations to share and manage risk data to strengthen cybersecurity planning. 

“Transparency is the enemy of risk. It’s the unknown that that tends to cause you the most problems,” Gaudet said. “We need an exchange that connects the health systems with their digital partners — whether they be suppliers of infrastructure, software, clinical software, medical devices or third parties that provide services.”

Should RiskOps identify a risk associated with a certain product that a health system uses, the platform gives the provider an action plan to address the issue.

About 40 health systems pay to use Censinet’s platform, including Mass General Brigham, Cedars-Sinai, Intermountain Healthcare, Dana-Farber Cancer Institute, Marshfield Clinic Health System and Dayton Children’s Hospital, Gaudet said.

Though notable health systems have adopted Censinet’s platform, the company is certainly not the only provider of cybersecurity risk management solutions. Some competitors include Vanta and RFPIO. Gaudet thinks Censinet stands out for the following reasons.

Censinet’s platform is built uniquely for healthcare companies, while many other cybersecurity vendors sell their software to organizations across all industries. RiskOps was designed to meet healthcare providers’ comprehensive needs — the platform provides risk management modules for medical devices, supply chain, enterprise solutions, third-party service providers, institutional review boards, internally developed software, integration projects and affiliated practices.

Another differentiator, Gaudet said, is that the startup’s risk catalog is bigger than that of its competitors — the platform houses risk information for more than 34,000 vendors and products. Censinet can provide risk assessments faster than any of its competitors, he declared. He said RiskOps can usually provide a risk assessment for a vendor or productas fast as one click.

That speed will likely be attractive to health systems as Censinet seeks to gain new customers — the need to protect against cyber threats is as urgent as ever. When it comes to providers’ risk of facing a ransomware attack, “it’s not a matter of if anymore — it’s a matter of when,” Gaudet said.

Photo: chombosan, Getty Images