MedCrypt Raises $750,000 Seed Round To Develop Medical Device Software Security Platform
“The increased use of, and dependency on, connected devices at hospitals and health systems has revealed security risks and vulnerabilities, consequently putting patient safety at risk,” said Mike Kijewski, co-founder and CEO of MedCrypt. “While it’s distressing to think about a hacker remotely disabling a medical device, it’s far more unnerving to consider a hacker silently taking over a device and sending it malicious instructions, resulting in a patient’s injury or worse, death. MedCrypt’s software allows manufacturers to authenticate users, encrypt data, and cryptographically sign settings and patient prescriptions. MedCrypt also has the ability to monitor transactions between clinicians and devices for malicious behavior, protecting struggling health networks from unforeseen cyber threats. Our technology is designed to ensure that only instructions from a trusted source are executed by the medical device.”
In recent years, patient data has become increasingly at-risk due to a combination of sophisticated attacks and antiquated IT environments at health systems. An uptick in ransomware attacks has also contributed to greater demand for solutions that improve patient safety and secure health records. The Food and Drug Administration has responded accordingly, calling for device manufacturers to strengthen their software security.
MedCrypt’s technology addresses current weaknesses by working with manufactures to prevent unauthorized access and use of their medical devices. The architecture leverages a machine-learning-based behavior analysis system to immediately flag unusual user behavior, as well as a “Threat Sharing” feature designed to facilitate anonymous communication between multiple medical device vendors. In this way, MedCrypt protects health systems’ IT environment from unauthorized access through medical devices, thereby protecting patient data and avoiding patient harm. The software is compatible with a wide range of devices, from MRI machines to defibrillators. As the technology is deployed across multiple medical devices, MedCrypt's Threat Sharing features will allow a vendor to know what active security threats are targeting other medical devices, without having to share their specific vulnerabilities with others.
Kijewski and partner Eric Pancoast began laying the groundwork for MedCrypt in 2014, after the successful sale of their medical physics-related software company, Gamma Basics. The duo first teamed up in 2008 while Kijewski was a student at the University of Pennsylvania’s Wharton School. MedCrypt co-founder Brett Hemenway, Ph.D., a cryptographer and research professor at the University of Pennsylvania, serves as the company’s chief scientific officer.
“Device manufacturers, health systems, and patients all stand to benefit from MedCrypt’s proprietary software,” said Safeguard’s Managing Director, Gary Kurtzman, M.D. who was Kijewski’s professor at Wharton and who is also Chairman of the Board at MedCrypt. “Behind this company are a proven team and a technology with the potential to disrupt the way device manufacturers design products for the healthcare industry. Battling cyber threats begins at the design phase, and technology like this complements our efforts to holistically improve healthcare delivery.”
Other angel investors in the seed funding include co-founders of ThingWorx, a former Safeguard partner company that was acquired by PTC in 2015; the co-founder/CEO of Coldlight; the Wharton Alumni Angel Network; the former Chair of Radiology at the University of Calgary; and the CIO of Christiana Care Health System. MedCrypt’s advisory board includes CIOs and CISOs from major health systems, as well as former executives from leading medical device companies.