Medical device cybersecurity provider MedCrypt has raised $5.3 million in a series A round, with plans to expand its team with new sales and software engineering positions, while further developing its technology.
The San Diego-based company aims to encrypt data transmissions and secure access at the device level, as part of a platform that also offers remote monitoring and alerts of suspicious behavior. The round was led by Section 32, with additional funding from Eniac Ventures and Y Combinator—which named MedCrypt as part of its Winter 2019 batch of startups. In total, the company has raised $8.4 million, including previous seed money.
“Internet-connected medical technology is entering the market at light speed, calling for devices to be secure by design, which leads to a heightened level of patient safety at all times,” MedCrypt CEO and founder Mike Kijewski said in a statement.
“We’re thrilled to see continued support from various groups in the industry, from the government to healthcare institutions and device vendors, along with support from our partners to help us further develop our technology and expand our team,” Kijewski added.
The FDA has previously stated that it will begin requiring cybersecurity checks in medical device submissions and its product reviews. In addition, the agency said it would start to refuse to accept applications lacking certain cybersecurity documentation, following a report last September from the HHS inspector general’s office.
“Cybersecurity threats to networked medical devices are on the rise,” the inspector general’s office wrote at the time. “Researchers and hackers have demonstrated that the lack of security controls in these devices makes them vulnerable to cybersecurity attacks, such as ransomware and unauthorized remote access. Such attacks can affect not only a single patient but can also impact a hospital system and disrupt the delivery of healthcare.”
Earlier this year, Medtronic disclosed cybersecurity flaws in some of its implantable cardiac devices, including defibrillators and resynchronization therapy hardware, rooted in its proprietary, short-range Conexus radio communication protocol. Before that, the medtech giant was forced to disable internet-based updates for some of its pacemaker programmers over concerns that individuals could hijack the updates and inject non-Medtronic software.