San Diego In 2016, a medical device crashed during heart surgery after misconfigured antivirus software opened.
The surgery at an unidentified facility went off without harm, but Mike Kijewski said the incident demonstrates a clear need: cybersecurity geared specifically for medical devices.
He’s the CEO of Medcrypt, which at the end of June locked down a $1.9 million funding round to help medical device vendors build cybersecurity features directly into their products, amid rising fears of hacking and breaches.
“From a competitive landscape perspective it’s really a relatively new field. You see a lot of existing cybersecurity companies trying to find ways to apply their existing products to this problem. Sometimes this works well. Sometimes it doesn’t,” Kijewski said.
CEO: Mike Kijewski
Funding to date: $3 million
Headquarters: Solana Beach
Company description: Medcrypt helps medical device vendors build cybersecurity features directly into their products.
While he noted the software heart surgery episode, Medcrypt isn’t in the antivirus software business. In the simplest terms, it encrypts data sent to and from medical devices.
The company also remotely monitors metadata to spot abnormal device behavior. For instance, a CT machine and control system might average 1,000 communications a day, but spikes in that number and failed identification tests signal something may be awry.
At that point, Medcrypt would notify the device manufacturer.
The company’s $1.9 million round was led by Eniac Ventures, with additional backing from Sway Ventures, Nex Cubed, Oronoco Investments and Friedman BioVentures. To date, the company has brought in $3 million in funding.
The capital comes as medical devices increasingly transmit data, aiding treatment decisions and remote monitoring, but also creating cybersecurity vulnerabilities. The U.S. Food and Drug Administration in April put forward an action plan promoting improved protections, building on existing measures.
“Medical devices from insulin pumps to implantable cardiac pacemakers are becoming more interconnected, which can lead to safer, more effective technologies. However, like computers and the networks they operate in, these devices can be vulnerable to security breaches, and exploitation of a device vulnerability could threaten the health and safety of patients,” states the FDA plan.
FDA documents lay out what medical device cybersecurity measures should be in place before regulatory submissions and post-approval. These documents are in draft form, but should be finalized in the near future. That’s according to Bethany Hills, the chair of law firm Mintz Levin’s FDA practice.