The proactive cybersecurity solution provider MedCrypt Inc. today said it has raised $25 million in new funding to protect healthcare providers from attacks that target connected medical devices and to reduce the danger to patients and hospitals.

Intuitive Ventures and Johnson & Johnson Innovation led the Series B funding round with participation from Section 32, Eniac Ventures, Anzu Partners and Dolby Family Ventures. This round brings the company’s total funding to date to $34 million following the company’s Series A, which raised $5.3 million in 2019.

Medical devices are everywhere in the healthcare industry, especially in hospitals and have become an integral part of the process of providing patient care. They take blood pressure, monitor oxygen and heart rate, and deliver vital information such as imaging data. There are even wearables and implants that patients take home with them.

Like any device with software and firmware, medical devices can be prone to bugs and vulnerabilities, which makes them potential targets for hackers and malware. Incidents targeting these devices can cause immense harm to patients and hospitals, potentially taking them hostage with attackers demanding ransom before returning them to full capacity. They also exist in a highly regulated industry overseen by the U.S. Food and Drug Administration, which requires a certain level of cybersecurity compliance from manufacturers and users.

“We’re past the point of debating the need for improved healthcare cybersecurity,” said Mike Kijewski, chief executive of MedCrypt, explaining that he’s seeing the industry paying more attention to security.

MedCrypt’s platform operates by providing cryptographic communication, behavior monitoring and vulnerability monitoring and management for devices. Once that’s enabled, institutions will get a proactive system that will protect against potential intrusions by making it difficult for attackers to intrude in the first place using cryptographic communications in transit and provide an early warning system against intrusions with an event monitoring system that detects suspicious behavior.

According to a 2021 report from Safety Detectives, the average cost of healthcare data breaches in 2020 was $7.13 million. And out of all healthcare organizations, only 16% claimed to have fully functioning cybersecurity measures in place.

High-profile examples of malware and ransomware attacks against hospitals and medical devices abound, including WannaCry, which could encrypt and lock up operating systems and would target computers, MRI scanners, blood-storage refrigerators and more. In 2018, the hacker group Orangeworm, began to target the healthcare industry with malware attacks against X-Ray and MRI machines running older operating systems.

MedCrypt said it will use the new funds to scale up its cryptography and behavior monitoring services to provide more proactive detection capabilities. It also plans to expand its vulnerability inventory products across various types of medical devices, including small devices such as glucose monitors, all the way up to hospital-based surgical robots. The company also intends to hire more engineers as the demand for medical devices continues to grow.

“With the acceleration of complex medical device ecosystems in hospitals and homes across the United States, and growing expectations of patients, providers, and device manufacturers to meet higher standards for security protection, proactive and focused cybersecurity solutions are urgently needed,” said Dr. Oliver Keown, managing director of Intuitive Ventures, the independent investing arm of surgical robotics pioneer Intuitive Robots.

Photo: Pixabay