Photo: MedCrypt
MedCrypt, a leading medical device cybersecurity provider that participated in Y Combinator’s Winter 2019 batch and was founded by CSO Brett Hemenway, CTO Eric Pancoast, and CEO Mike Kijewski, announced it has raised $5.3 million in Series A funding led by Section 32. Eniac Ventures and Y Combinator also participated in this round. Including this funding round, MedCrypt has raised $8.4 million total.
“Last October, the FDA released a major update to its premarket cybersecurity guidance for medical devices, publishing guidelines that line up just about perfectly with the solution we began developing three years ago,” said MedCrypt founder and CEO Mike Kijewski in a statement. “Internet-connected medical technology is entering the market at light speed, calling for devices to be secure by design, which leads to a heightened level of patient safety at all times. We’re thrilled to see continued support from various groups in the industry, from the government to healthcare institutions and device vendors, along with support from our partners to help us further develop our technology and expand our team.”
The HIPAA Security Rule started about 14 years ago with the aim of protecting electronic health data, but a study from CynergisTek via Cybersecurity Ventures reports that the healthcare industry managed to achieve 72% compliance with it. The gap in between means that there is a security risk for organizations that are not compliant. And the study also points out that healthcare is expected to suffer 2-3 times more cyber attacks in 2019 than other industries.
MedCrypt’s security software enables device vendors to use cryptography to secure data traveling between or stored on devices. And it provides remote and real-time monitoring to alert medical device vendors of suspicious behavior that may yield potential security threats to their company, devices, and patients. These security features can be implemented with just a few lines of code.
In October 2018, the U.S. Food & Drug Administration (FDA) published an updated Premarket Cybersecurity Guidance for medical devices. These guidelines are in line with the solution that MedCrypt developed in 2016.
“Patient data privacy has long been a concern, but the healthcare industry is just beginning to address patient safety risks presented by internet-connected healthcare technology,” added MedCrypt VP of operations Vidya Murthy. “Research (NEJM) shows a 13.3% higher mortality rate for patients experiencing a cardiac arrest whose care was delayed by four minutes. While cybersecurity attacks to a device such as a pacemaker seem more dangerous, delays to patient care due to cyber attacks are much more real and likely.”
With this round of funding, MedCrypt is going to expand its team, add new members in sales and engineering roles, and further develop its technology.