As threats proliferate, so do new tools for protecting medical devices and hospitals

Six months after an episode of “Homeland” showed hackers exploiting security vulnerabilities in the (fictional) Vice President’s pacemaker, Mike Kijewski, the founder of a new startup security company called Medcrypt, was approached by his (then) employers at Varian Medical Systems with a unique problem. 

“A hospital came to the company and said we are treating a patient and a nation-state may attempt to assassinate the patient that we’re treating by using a cybersecurity vulnerability in a medical device to do it,” Kijewski recalled.

At the time, there were no universal solutions to those types of security threats — so companies were left to cobble together one-off solutions for their devices, which is what Kijewski’s former employer likely attempted to do.

Ever since, Kijewski became obsessed with the security holes that exist in the foundation of the healthcare industry’s practice — the devices used to diagnose and treat patients.

“My partner Eric Pancoast and I looked into the problem of medical device cybersecurity and we found two things,” says Kijewski. “Number one there were no regulations forcing medical device companies to use cybersecurity protections at all. Number two, any given company has only one core competency — maybe two. And are medical device vendors going to have cryptography and cybersecurity competencies?”

Medcrypt was launched in 2016 to ensure that medical device manufacturers wouldn’t need to be cryptographic experts. The company is graduating from the latest batch of Y Combinator (after raising a $3 million seed round from Eniac Ventures and other investors) with a pitch to secure medical devices using just a single line of code.

It’s a technological necessity thanks to new guidelines from the Food and Drug Administration requiring medical devices to include security features like encryption, signature verification, and intrusion detection.

By inserting a single line of code into the software of a device, Medcrypt can provide the security manufacturers need at the device level, according to Kijewski.

The company not only encrypts the data on the device, but it also provide intrusion detection services by analyzing medical device metadata to identify standard device behaviors and deviations from that behavior, Kijewski said.

Medcrypt is one of a growing number of startups that are securing medical devices and hospital networks as the threats to the healthcare system proliferate.

Other startups are working on protecting hospital networks. Companies like Medigate, founded by ex-Israeli officers from the Israeli Defense Forces, which just raised $15 million from investors including YL Ventures and US Venture Partners; and Cylera, which is backed by Samsung Next and launched from the DreamIT healthcare accelerator are two such companies.

By 2017, Beckers Health IT and CIO Report counted over 107 technology companies pitching cybersecurity solutions to healthcare practitioners and medical device manufacturers.

It’s little wonder so many companies are pouring in to close the (data) breach in healthcare, given the scope of the problem.

A 2018 report from Experian cited by U.S. News indicated that 233 breaches were reported to the Department of Health and Human Services, media, or state attorneys general in the period from January to June 2017. And for the 193 attacks where the scope of the breach was calculated, roughly 3.2 million patient records were affected.

Experian predicts healthcare cybersecurity spending will be a $65 billion industry by 2021.

Still, some of the security problems that hospitals face can be solved with some fairly basic updates. Indeed, perhaps the most critical — and the one that left hospitals most exposed — is just ensuring that their technology can accept patches and security upgrades. Many of the attacks that crippled health networks came down to an inability to upgrade their Windows operating systems.

Sometimes, all it takes is tightening the screws to make sure the machines don’t fall apart.

“Connected medical devices — from patient monitors, MRIs and CAT scanners to infusion pumps and yet-to-be invented devices — are critical to the delivery of healthcare today and are revolutionizing the care of tomorrow,” said YL Ventures founder Yoav Leitersdorf in a statement announcing Medigate’s 2017 financing. “These devices are inherently different from traditional IT endpoints and can’t be protected by currently available products and practices. With the pandemic of cyberattacks targeting healthcare providers, far too many connected devices are left vulnerable and exposed, putting patient health and privacy at risk.”

Let’s block ads! (Why?)

Link to original source

Experian leads $10M investment in Southeast Asia fintech startup Jirnexu

Consumer credit giant Experian is continuing to back Asian fintech startups after it led a $10 million investment in Southeast Asia’s Jirnexu .

Jirnexu, which is headquartered in Kuala Lumpur, operates financial comparison services in Malaysia and Indonesia. Those services aggregate offerings and deals from banks and financial services companies, effectively acting as a user acquisition channel for reaching new audiences and customers. This round is a follow-on to Jirnexu’s $11 million Series B which closed in May and was led by SBI, which was the other investor in this extension. This new money takes the startup to $28 million from investors to date.

The deal marks the third investment in Asian fintech for Experian, which is based in London and valued at £17.8 billion, or $22.6 billion. The firm previously backed India’s Bankbazaar and Singapore-based C88.

As you’d expect, those deals include strategic relationships. In the case of Jirnexu, Experian said it would help with “improved performance in demand generation, better eligibility matching through analytics and more seamless consumer experiences.”

There may yet be more deals involving Experian based on comments from the firm’s Asia Pacific CEO, Ben Elliott, made earlier this year.

“Five or six years ago, we started to think about how we solve some bigger problems rather than just being a stoic software company. We’re looking at organizations that we think are either disruptive in the market where we have a role to play, or those that are building into something we think we can grow with,” Elliot told TechCrunch in an interview in July.

A recent Google report forecast that Southeast Asia’s digital economy will triple in size to reach $240 billion by 2025 and Experian is far from the only one keen to get into the future of finance in the region. Ride-hailing giants Grab and Go-Jek are building their own payment and financial services, while China’s Tencent and Alibaba are actively investing in the region, too. Just last week, for example, Tencent finalized a deal that sees it lead a $215 million investment in Voyager in the Philippines.

Let’s block ads! (Why?)

Link to original source

An early test of the GDPR: taking on data brokers

SOPA Images via Getty Images

Major data brokers Acxiom and Oracle are among seven companies accused of violating GDPR laws on personal information privacy. Advocates hope the complaints will shed light on the opaque ways that personal data is traded through third parties online both in the EU and the US.

The General Data Protection Regulation is a sweeping personal data privacy law that came into force in late May in the EU. For the rest of the world, it’s viewed as a bellwether for whether Big Tech can be held in check when immense data leaks seem to happen with painful regularity.

Formal complaints to European regulators under the GDPR by UK non-profit Privacy International were also filed against ad-tech companies Criteo, Quantcast and Tapad as well as credit agencies Equifax (the subject of a massive breach just last year) and Experian.

“Our complaints target companies that, despite exploiting the data of millions of people, are not household names and therefore rarely have their practices challenged,” said Ailidh Callander, legal officer at Privacy International, in an email to Engadget. “These companies’ business models are premised on data exploitation.”

Data brokers aggregate personal information from other sources — for instance, websites you’ve visited or credit card records — to create a complex profile on who they think you are. That profile may include political leanings and income, and subsequently get sold to brands or social networks. Acxiom claims to have data on about 700 million people globally. Consumers often don’t hand data directly to these companies via their own websites — the way one would with, say, Facebook — which allows the data trading to operate in relative obscurity.

This alleged lack of consent is precisely what Privacy International is targeting. The non-profit also claims that these companies lack “legitimate interest” (in legal terms) for processing the personal data, which may infer political, ethnic and religious affiliations. The companies fail to comply, according to Privacy International, with the principles of “transparency, fairness, purpose limitation, data minimisation, accuracy and confidentiality and integrity” — in other words, nearly all of the new privacy law’s core foundations.

“The law has changed and these companies need to as well,” said Callander. “There is a gap between how [the] GDPR conceptualises data privacy and [how] these companies do and the onus is on them (if necessary, pushed by regulators) to close it.”

In public statements, Experian has said: “We have worked hard to ensure that we are compliant with GDPR and we continue to believe that our services meet its requirements.” Criteo has stated: “We have complete confidence in our privacy practices.”

Companies are still feeling out just how the law is going to be enforced, which is why test cases like this bear watching. Facebook and Google are among the other companies who have faced complaints so far. A spokesman from the Data Protection Commission in Ireland, where many American tech firms keep European headquarters, said the regulators have already received 2,500 breach notifications and 1,200 complaints related to the GDPR since May.

Let’s block ads! (Why?)

Link to original source

Africa’s Jumo raises $52M led by Goldman to bring its fintech services to Asia

Asia’s fintech scene is poised to get a little larger after Jumo, a company that offers loans to the unbanked in Africa, revealed plans to expand into the continent. To get the ball rolling, Jumo has opened an office in Singapore to lead the way and landed a massive $52 million investment led by banking giant Goldman Sachs to fuel the growth.

The new round takes Jumo to $90 million raised from investors. While Goldman is the lead — and standout name — the round also saw participation from existing backers that include Proparco — which is attached to the French Development Agency — Finnfund, Vostok Emerging Finance, Gemcorp Capital, and LeapFrog Investments.

Jumo launched in 2014 and it specializes in social impact financial products. That means loans and saving options for those who sit outside of the existing banking system, and particularly small businesses. To date, it claims to have helped nine million consumers across its six markets in Africa and originated over $700 million in loans. The company, which has some 350 staff across 10 offices in Africa, Europe and Asia, was part of Google’s Launchpad accelerator last year and it is led by CEO Andrew Watkins-Ball, who has close to two decades in finance and investing.

Watkins-Ball told TechCrunch that he believes Jumo’s experience working in Africa sets it up perfectly to offer similar services in markets across Asia.

“We grew up in a very tough play yard,” he said in an interview. “We built our initial success in Tanzania which is probably one of the hardest [financial] markets in the world. A lot of these environments [in Asia] look more attractive.”

Unlike the West, where challengers are trying to unseat banks, fintech startups in emerging markets work with the existing system. That isn’t some cop-out, it actually makes perfect sense. Banks simply aren’t equipped to deal with customers seeking small loans in the hundreds of U.S. dollar bracket.

Jumo CEO Andrew Watkins-Ball believes his company’s work in Africa is ideal preparation for its expansion into Asia

Financially, the returns aren’t there from these customers and it doesn’t make sense for banks to invest resources sounding out a prospective loan. Even if they wanted to, they couldn’t vet these would-be customers, though. Many emerging markets simply don’t have the formalized credit checking systems that exist in the West, while many of the unbanked (or ‘less banked’) consumers wouldn’t even show up if they did due to a range of factors.

That’s where a new approach is needed. Fintech startups essentially act like a funnel. They manage the customer acquisition and retention, develop systems to assess credit based on alternative signals and, over time, build up a customer profile that reduces credit risk. That suits banks because they don’t need to handle the nitty-gritty and, when it works well, the startups bring them larger enough volumes of small loans that are a worthwhile opportunity for financial institutions.

Just looking at recent funding deals, the model is evident in markets like India — where ZestMoney pulled in funds last month — and Southeast Asia, where Experian backed fintech startup C88.

Watkins-Ball said Jumo is aiming to do the same having already proven its model in Africa. He acknowledged that a number of startups are also tackling the problem and welcomed the increase competition and growth potential across the fintech and micro-financing space.

“We’ve offered services to millions of new customers who weren’t part of the banking ecosystems,” he explained. “Essentially we grow the addressable market for banks.”

Already, Jumo has begun offering services in Pakistan and it has plans to open up in more markets in Asia, although Watkins-Ball isn’t saying which ones or when right now. But, in addition to proving its model, he believes that Jumo has already shown it can adapt to new markets.

“The differences between countries like Ghana, Tanzania and Zambia are as great as those between India, China and Indonesia,” he told TechCrunch. “So we’ve had to learn to use our platform, which we built to be flexible, and localize in order to fit the customer.”

That’s backed up by Goldman Sachs executive director Jules Frebault, who said in a statement: “There’s an immense opportunity across Africa and beyond for Jumo to build on their successful track record developing digital marketplace infrastructure to offer mobile subscribers access to relevant financial products.”

In addition to Asian expansions, Jumo’s new capital will also go towards expanding its current selection of productions in Africa. In particular, Watkins-Ball says the company is working to partner with more banks and it plans to introduce “new generations” of saving products.

While it isn’t taking its foot off the pedal in Africa, he said Jumo will likely devote the majority of its resources to the Asia expansion plan. That’ll make Jumo a very notable addition to a fintech scene that is already showing significant potential across the Asian region.

Let’s block ads! (Why?)

Link to original source

Experian leads $28M investment in Southeast Asia fintech startup C88

Experian is making its first major bet on Southeast Asia and its population of over 650 million consumers after the financial credit giant backed Singapore-based C88 Financial Technologies, which operates financial marketplaces that help lenders reach new audiences.

C88 today announced a $28 million Series C investment round that’s led by Experian with participation from a host of other backers that include Europe-based duo ResponsAbility Investments (Switzerland), DEG in Germany plus Korea’s InterVest, FengHe Fund Management, Pelago Capital and Fuchsia Venture Capital, the VC arm of Thai lender Muang Thai Life Assurance.

Early investors Monk’s Hill Ventures, Telstra Ventures, Kickstart Ventures and Kejora Ventures also took part in the round, which takes C88 to just over $45 million in capital raised.

The startup was founded in 2013 and it operates services in Indonesia and the Philippines — and, respectively — which have collectively served over 50 million customers through a mixture of smaller loans paid back over 6-18 months and longer installment-based plans that run from 18-32 months.

Following this investment, it plans to also open a business in Thailand — the support of Muang Thai is sure to help there — as part of its mission of opening consumer financing products up to consumers in Southeast Asia. More generally, the capital will go towards expansion, particularly around consumer marketing.

Working with, not disrupting, banks

Unlike some parts of the world, fintech challengers in Southeast Asia are working with the existing financial institutions to help them reach segments of the population that are not addressed today. Data is a huge part of that. In most parts of the region — excluding Singapore and perhaps Malaysia — few consumers are credit profiled. That makes a bank or lender’s job of assessing their suitability for a loan extremely challenging. Throw in that they are often seeking small- to mid-sized loans, and the potential value of the customer is likely lower than the resources that would be spent evaluating them.

The system is broken but the good news is that the advent of smartphones is bringing usable data to the fore. Southeast Asia counts over 300 million internet users and that’s growing at a rapid rate.

In just the past month, Indonesia-based Kredivo — which operates digital credit — and SME-focused Aspire Capital have raised significant capital using a data-driven similar thesis.

Instead of disruption, those companies, and C88, are guiding the banking industry into the previously unaddressable long-tail of customers by actively pre-verifying them and ascertaining not just whether they are eligible for financial products, but what kind and at what rate. Indeed, very often it isn’t that a person is a so-called ‘bad actor,’ it’s more the case that there isn’t sufficient data to prove that they are eligible for credit.

“Many times [banks and lenders] just can’t lend the cash out efficiently,” CEO JP Ellis told TechCrunch in an interview. “But that can change with the advent of digital-enabled societies, data and mechanisms to price on an individual basis. It’s all about partnering with [financial institutions] because they have so much capital on their balance sheet.”

C88 claims to work with over 90 banks, financial institutions and lenders. It effectively acts as the data pipeline, sorting through would-be credit applicants to assess their level of eligibility and the types of products best suited to them. That involves a mix of data, some structured some unstructured, and work with established firms like Experian, but it remains a challenge given the aforementioned lack of credit scoring. Indeed, Ellis estimates reach is as low as 20-30 percent of the population in Indonesia, for example — which is a big deal since it is the world’s four-largest country with a population of over 260 million.

With around 10 percent of applicants successful for credit products using traditional methods, Ellis said he wants to broaden access to capital which he believes can help build up Southeast Asia’s already-growing economies.

“We think of ourselves not as a comparison of products, but as a comparison of eligibility,” he added. is C88’s portal in Indonesia

New methods of scoring

That hits on a chord that’s noticeable across Southeast Asia: unlike other regions where credit and financial products seem rigid and almost unfriendly to consumers, the industry in Southeast Asia is working to be more relatable to consumers. At least in terms of the rhetoric, which includes smaller loans, flexible payment schedules and newer kinds of credit scoring.

Ellis said some of the methodologies come from China — where internet titans Alibaba and Tencent offer financial services that are based on factors like mobile payments and utility bill history — but he said that the region’s fintech movement in Southeast Asia is very much marching to its own beat.

In Indonesia, for example, one product C88 offers is with DBS, the region’s largest bank, and some of the eligibility data is related to operator Telkomsel, which has over 190 million customers.

C88 is also offering its own-branded policies in some cases, such as dengue fever insurance in the Philippines. That’s in partnership with an insurer on the backend. Ellis said the company only offers new products when it sees an unmet need in the market, it doesn’t intend to compete with what’s already on offer from the industry, which remains its key partner.

Beyond unsecured loans and insurance, the company is also dipping its toes into asset management, although the C88 CEO concedes that this market is smaller — in terms of sheer numbers, at least.

Experian eyes Asia deals

The deal marks the first major investment in Southeast Asia for Experian, the Dublin-headquartered firm valued at around £17.5 billion, or $23 billion, and listed in London. It signals a new role helping to develop startups in Asia coming as it does just under a year after Experian backed Bankbazaar with its maiden investment in India.

“Five or six years ago, we started to think about how we solve some bigger problems rather than just being a stoic software company,” Ben Elliott, who is managing director of Experian’s Asia Pacific business, told TechCrunch in an interview. “We’re looking at organizations that we think are either disruptive in the market where we have a role to play, or those that are building into something we think we can grow with.”

Singapore-based Elliott pointed that nearly one-quarter of Southeast Asians have access to a bank account, so new methods of reach are essential. He said that the C88 deal isn’t necessarily a path to acquisition for Experian. While he didn’t rule out the possibility in the future, he said that “the initial focus is to be a valuable investor and a good partner in the business.”

Ellis, the C88 CEO, believes there’s an opportunity to work very closely with the new investor beyond new credit scoring systems they are jointly cooking up.

“Many of our financial institutions already use Experian products, so we have the opportunity to really combine forces,” he said.

Let’s block ads! (Why?)

Link to original source