Medical Device Security Startup Reels in $25M as Cyber Threats Escalate

Healthcare organizations need to take cybersecurity seriously now more than ever  — more than 50.4 million patient records were breached last year. 

This urgency is reflected in a recent Series B funding round closed by MedCrypt, a San Diego-based provider of cybersecurity solutions for medical devices. The startup, founded in 2016, announced the $25 million round on Tuesday.

This financing round brings the company’s fundraising total to $34.4 million. It included investments from Intuitive Ventures, Johnson & Johnson Innovation, Section 32, Eniac Ventures, Anzu Partners and Dolby Family Ventures.

Medical devices are more connected than ever before. In fact, nearly 70% of medical devices are projected to be connected devices by 2025, and hospitals typically average 10 to 15 medical devices for each patient bed.

Healthcare organizations modernized their technology in the name of improving the patient and provider experience, alleviating clinical workflow inefficiencies and reducing costs. But this massive increase in connectivity among medical devices didn’t necessarily happen with security in mind, according to MedCrypt CEO Mike Kijewski.

He said his company’s mission is to ensure that the medical devices used by clinicians and relied on by patients are as secure as possible. The startup sells its software to medical devices manufacturers so they can enhance the security of their products, which range from pacemakers to CT scanners. 

“MedCrypt wants medical devices built with cybersecurity at the forefront of the development process, making them ‘secure by design’ and therefore keeping users and operators safe from cyber threats,” Kijewski said. “Our goal is to make healthcare a more secure and safer industry.”

The startup offers an array of services and products, including vulnerability management, threat modeling, security architecture reviews and FDA regulatory strategy. These offerings enable medical device manufacturers to proactively protect patient data, monitor devices for security events and manage device vulnerabilities.

With its Series B funds, MedCrypt plans to scale its cryptography, behavior monitoring and vulnerability management software. These products will be designed to be compatible with various types of medical devices, from small devices like glucose monitors to surgical robots used at hospitals.

MedCrypt claims to work with “seven of the top 10 medical device manufacturers,” but Kijewski was unable to disclose those companies due to “a variety of non-disclosure agreements/master service agreements in place.” He said that MedCrypt’s customer base ranges from “startup companies working on novel diagnostic and therapeutic devices to top 10 manufacturers aiming to improve the security posture of their broad portfolio.” Kijewski declined to share how many customers the startup has.

When it comes to MedCrypt’s competitors, Kijewski acknowledged that the field for Internet of Things cybersecurity solutions is massive. But most companies focus on a single facet of cybersecurity and deliver it across a variety of industries, he said.

“What makes us unique is our focus on healthcare and our approach to meeting the specific and unique needs of the medical device space,” Kijewski declared. “We develop and deliver cybersecurity solutions to device makers that do not require cybersecurity expertise to implement. The complexity of the healthcare ecosystem — ranging from traditional hospital systems to evolving home care models servicing patients outside of the hospital — make traditional IoT solutions incompatible with the notion of providing safe and continuous care.”

Photo: traffic_analyzer, Getty Images