MedCrypt, a San Diego company that provides cybersecurity technology for medical devices, snagged $25 million in a second round of venture funding despite today's tough environment for young firms seeking to raise capital.
Founded in 2016, MedCrypt said Tuesday that this latest round included participation from new strategic backers Johnson & Johnson Innovation and Intuitive Ventures — the independent investment arm of robot-assisted surgery giant Intuitive Surgical.
MedCrypt, which employs 28 workers, also got backing from existing investors Section 32, Eniac Ventures, Anzu Partners, and Dolby Family Ventures.
The company will use these funds to expand its cryptography, behavior monitoring and vulnerability inventory products across myriad medical devices ranging from insulin pumps and glucose monitors to hospital-based patient monitoring and surgical gear.
The funds will also be used to expand MedCrypt's engineering staff in anticipation of increased demand for medical device cybersecurity.
In April, the U.S. Food and Drug Administration came out with draft cybersecurity guidelines for medical devices. MedCrypt believes these proposed rules will shine a spotlight on the need for enhanced protection against cyber threats.
"If you are a medical device manufacturer, regulators around the world — most notably the FDA — want to make sure you are very confident and have tested the fact that your device will behave as intended in every circumstance," said Mike Kijewski, chief executive of MedCrypt. "What cybersecurity concerns do is introduce the possibility for devices to do things they were not designed to do."
There are an estimated 10 to 15 million medical devices in U.S. hospitals today — about 25 percent of which are connected to the Internet, according to MedCrypt. That number is expected to grow to 40 percent in a few years, especially as more medical devices are adopted in home-care settings.
"We're past the point of debating the need for improved health care cybersecurity, and it's exciting to see the industry putting more time and attention into addressing this issue," said Kijewski.
Competitors include cybersecurity firms that sell into the overall Internet of Things market, including health care. In addition, some medical device makers develop cybersecurity tools in-house.
But Kijewski, who co-founded the company with Chief Technology Officer Eric Pancoast, thinks cybersecurity tailored specifically for medical devices will make MedCrypt stand out. Its customers include seven of the top 10 medical device manufacturers by market capitalization, he said.
The company also counts startups and midsized companies as customers. The latest funding round brings the total raised by MedCrypt to $34.4 million.
"With the acceleration of complex medical device ecosystems in hospitals and homes across the United States, and growing expectations of patients, providers, and device manufacturers to meet higher standards for security protection, proactive and focused cybersecurity solutions are urgently needed," said Oliver Keown, managing director of Intuitive Ventures, in a statement. "MedCrypt's 'secure by design' product infrastructure will be a critical enabler — and potential standard-setter — for the health care industry."