Medical device cybersecurity software company MedCrypt announced today that it has raised $1.9 million in new seed funding. The round’s primary backer was Eniac Ventures, with additional participation from Sway Ventures, Nex Cubed, Oronoco Investments, and Friedman BioVentures.
Mike Kijewski, CEO and cofounder of MedCrypt, told MobiHealthNews that his company will be using the proceeds from this round to scale implementation of its security software into its customer’s devices.
“We are targeting anything that the FDA would consider a medical device, and has a computer processor. That could be a digital therapeutic mobile app, it could be an implanted pacemaker, and really anything in between,” Kijewski said. “While we have software that can be useful for really any computerized medical device in that spectrum, we find that devices that have some form of network connectivity are really the products that need cybersecurity features the most.”
Medical device cybersecurity may be an easy value sell within the past year or so, but Kijewski noted that not everyone was on board when he was first courting business partners in 2016.
“When we first started the company … we told prospective investors and customers that we were helping prevent medical devices from being hacked, and a lot of people said ‘Who ever is going to hack a medical device?’” Kijewski said. “We saw that more and more medical devices were becoming connected to the internet, that in the past cybersecurity was not one of the considerations when connecting those medical devices, and we’ve seen the impacts of that in terms of some high-profile recalls in the past couple of years.”
While many medical device security companies are focusing their efforts on provider customers looking to protect legacy equipment, MedCrypt sees an opportunity in contracting with the device makers themselves for new or upcoming products. Further, with the FDA taking an increasingly stronger stance on medical device security, Kijewski said that device makers large and small are finding themselves in a position where outsourcing their encryption to a specialized firm is more and more appealing.
“If you imagine a 40 or 50-person at a mid-size medical device vendor trying to get a new glucose monitor out, they’re really focused on the monitoring features. To tell them ‘you need to build features in where this device will detect if it has been breached from a cybersecurity perspective and then will generate forensic data so we can track down who is responsible for the attack,’ that is really a whole different set of features,” he said. “And while it is true that smaller medical device vendors are probably less able to comply with these FDA [guidelines] on their own than many bigger device vendors … what we have found is that even the biggest device vendors, while they have lots of engineers, those engineers really want to be working on the clinical features of the device. [As a result], even giant medical device vendors are able to use an off-the-shelf third-party product to satisfy these requirements.”
MedCrypt said that its customers so far include Reflexion Medical and QuiO, among others. The security company last raised $750,000 back in 2016 from Safeguard Science and angel investors, and according to a statement has brought in $3 million to-date.
“Cyber threats are an exponentially increasing problem that is threatening businesses, governments, households and, in healthcare, even lives,” Tim Young, founding general partner at Eniac Ventures, said in a statement. “MedCrypt has already set itself apart with a seasoned technical team and proprietary technology that is helping the largest medical device makers in the world protect their devices and the underlying users. Our team is excited to support Mike Kijewski and [CEO and cofounder] Eric Pancost in continuing to build out MedCrypt as the most comprehensive security layer for healthcare IT.”