MedCrypt CEO Mike Kijewski said more medical device companies are taking a closer look at security, with new guidelines from the FDA. The company recently graduated from Bay Area accelerator Y Combinator, which invested $150,000. File photo by Jamie Scott Lytle

MedCrypt CEO Mike Kijewski said more medical device companies are taking a closer look at security, with new guidelines from the FDA. The company recently graduated from Bay Area accelerator Y Combinator, which invested $150,000. File photo by Jamie Scott Lytle

Section 32, the local venture fund started by former Google Ventures founder Bill Maris, made its first San Diego investment on May 7. The firm led a $5.3 million series A round in MedCrypt, a San Diego cybersecurity startup that helps medical device vendors ensure their devices are secure. Previous investors Eniac Ventures and Y Combinator also participated in the round.

Section 32, located in Cardiff-by-the-Sea, has been operating quietly since it launched its first fund in 2017. The company raised nearly $200,000 for its second fund in February, according to a filing with the Securities and Exchange Commission.

Encinitas-based MedCrypt has raised $8.4 million in funding to date. It plans to use the additional funds to hire new sales and engineering staff, and further develop its software. The company recently graduated from Y Combinator's winter 2019 program.

While hospitals and health record systems have implemented security systems to protect patient data, new regulations are also putting the onus on medical device vendors to protect patients.

MedCrypt Founder and CEO Mike Kijewski said the FDA released an update to its cybersecurity guidance for medical devices in October, requiring devices to be designed with security in mind.

In a news release, Kijewski said the new guidelines “line up just about perfectly with the solution we began developing three years ago.”

MedCrypt’s system allows device vendors to encrypt data traveling between devices or stored on medical devices. The company can alert vendors of any unusual activity that that might indicate a security threat.

MedCrypt's software currently applies to pacemakers, certain types of wearables and clinical decision support systems. Kijewski said the company's first customers anticipate FDA clearance in the third quarter of this year, which will allow MedCrypt to grow its data on device behavior.

"This will allow us to better define 'normal behavior' for various classes of medical devices," he wrote in an emailed statement.