As concerns over medical device security rise, MedCrypt raises $5.3 million

As medical devices move to networked technologies, securing those devices becomes increasingly important.

Regulators, seemingly late to the threat that unsecured medical devices posed, only began requiring protections for medical devices like pacemakers and insulin pumps two years ago, and since then new technology companies have leapt into the breach to begin providing security services for the healthcare industry.

Most recently, MedCrypt, a graduate from the most recent batch of Y Combinator companies, raised $5.3 million in a new round of funding, from investors led by Section 32, the investment firm founded by former Google Ventures partner Bill Maris.

Joining Maris’ firm were previous investors Eniac Ventures and Y Combinator itself.

“Internet-connected medical technology is entering the market at light speed, calling for devices to be secure by design, which leads to a heightened level of patient safety at all times,” said MedCrypt chief executive Mike Kijewski in a statement.

Securing patient data has been a longtime requirement for health technology companies, but both patient records and hospital networks are dangerously vulnerable to cyberattacks.

In 2018, more than 6 million patient records in the U.S. were exposed thanks to network intrusions and cyberattacks, according to the publication Health IT Security. And those were just in the 10 largest security breaches.

The healthcare industry has only managed to achieve 72% compliance with the HIPAA Security Rule for protecting patient data, according to an April report from CynergisTek.

Investors have recognized the problem and are investing more into companies focused on the healthcare market specifically. MedCrypt’s competition for these security dollars include companies like Medigate, which raised $15 million earlier this year.

While Medigate focuses on network security, MedCrypt is focused on securing devices themselves. Both security functions are critical, according to investors.

“With regulators appropriately taking a hard look at medical device security and the sheer growth in the number of devices being added to already complex clinical networks,” there is a significant opportunity for companies tackling medical device security, according to a statement from Dr. Jonathan Root, who has led several IT-enabled healthcare investments for USVP.