MedCrypt may seek up to USD 30M for medical device cybersecurity operations, CEO says
Originally published by Dane Hamilton for Mergermarket on October 28, 2021
MedCrypt, which supplies cybersecurity software for medical devices, is planning a capital raise next year that could be between USD 20m to USD 30m, according to CEO and founder Michael Kijewski.
San Diego-based MedCrypt was founded in 2016 to address a growing threat: disruptive cybersecurity breaches that can cost hospitals and healthcare providers millions of dollars a year, the CEO said. Such attacks usually occur via breaches in main hospital operating systems but can come through the many varieties of connected medical devices, the CEO said.
The company says it works with three of the top five medical devices makers, among many others, installing cybersecurity software at a time when most medical equipment used in hospitals is connected via IoT (internet of things) technology.
“It’s a huge problem that can have a very direct patient impact,” particularly when hackers break into hospital IT systems and shut them down to demand ransom, said Kijewski. He said hospitals can lose “tens of millions of dollars over the course of a ransom attack,” which can directly impact patient care.
The US Food and Drug Administration and other US agencies are increasingly stepping up pressure on medical device makers to heighten cybersecurity defenses, which has become a tailwind for MedCrypt’s business, the CEO said.
But he said many of the 7,000 or so worldwide medical device makers typically try to build their own cybersecurity measures, which may fall short when confronted by the ever-changing and more complex world of cyberthreats. Failures in such software can lead to costly recalls and security retrofits, he said.
“Manufacturers attempt to do this internally, but it may be outside their skill set,” the CEO said. “It can be cheaper to use a third party like us.”
MedCrypt has raised USD 9.3m since founding. Its latest Series A round of USD 5.3m in 2019 was led by Section 32, with other investors including Y Combinator and Eniac Ventures, according to filings. Kijewski said the company plans the Series B round in late 2022 and would include a wider pool of investors.
The company is on the lookout for acquisitions to add to its cybersecurity and threat monitoring technology, though the CEO declined to elaborate on what kinds of assets it may purchase, saying only that MedCrypt is looking “opportunistically” at M&A. It purchased cybersecurity information sharing group MedISAO in August 2020 for an undisclosed price.
“We think that long term there is an opportunity to build a healthcare cybersecurity giant” via organic growth and acquisitions, the CEO said, adding that its total addressable market is currently around USD 2bn.
