MedCrypt CEO Mike Kijewski said more medical device companies are taking a closer look at security, with new guidelines from the FDA. The company recently graduated from Bay Area accelerator Y Combinator, which invested $150,000. File photo by Jamie Scott Lytle

MedCrypt CEO Mike Kijewski said more medical device companies are taking a closer look at security, with new guidelines from the FDA. The company recently graduated from Bay Area accelerator Y Combinator, which invested $150,000. File photo by Jamie Scott Lytle

MEDCRYPT INC.

CEO: Mike Kijewski

Amount of funding raised to date: $3 million

No. of local employees: 5

Investors: Eniac Ventures, Safeguard Scientifics, Sway Ventures, Nex Cubed, Orinoco Investments, Friedman BioVentures, Y Combinator

Headquarters: Encinitas

Year founded: 2016

Company description: MedCrypt develops software to help medical device companies protect user data.

Medical device companies are turning a closer eye to security, and Encinitas software startup MedCrypt is prepared to help them.

Founder Mike Kijewski worked as a product manager for Varian Medical Systems, a medical device company that makes radiation oncology treatments, before starting the company in 2016.

“In 2014, many hospitals were starting to ask questions about patient safety as it related to cybersecurity and medical devices,” he said. “The assumption was that the hospital network was secure and that these devices didn’t need security built into them. Now, in security, you need to assume the network is not secure. You need to plan for the worst-case

scenario.”

New regulations by the U.S. Food and Drug Administration are also putting the onus on companies to protect their devices. A premarket guidance released by the agency in October recommends medical device companies include a “bill of materials” listing the hardware and software components of a device that would be susceptible to cyberattacks.

Kijewski expected most device vendors would begin implementing those changes “at full speed” in the second half of 2019.

“It’s definitely been helpful,” he said, though “it has been hard to tease out how much growth has been a result of that.”

MedCrypt sells software to help medical device companies meet these new FDA guidelines, encrypt patient data and alert users in the event of a breach. The company raised $1.9 million in a seed round led by Eniac Ventures last year, and recently graduated from prestigious Bay Area accelerator Y Combinator.

The three-month program brought MedCrypt $150,000 in additional funding—and a boatload of contacts.

“Having that Y Combinator community has been helpful with hiring, customer development and funding,” Kijewski said. “It gives us additional credibility with companies we’re trying to sell to. At some point in the future, we will presumably raise money, and Y Combinator has been a great platform for that.”

He said MedCrypt had been in conversations with a few San Diego medical device companies that had been receptive to its work. The company is currently focused on bringing its first customers to market, where it can monitor and continue to build on its software.

MedCrypt’s system currently apply to pacemakers, certain types of wearables and clinical decision support systems — essentially, anything the FDA calls a medical device. In the future, Kijewski hopes to expand the company to protect data all the way up to the point that it enters a health record system, so it might protect a CT scanner, a hospital’s image management system, and the data transferred up to an electronic health record.

“In the long term, (we) see opportunity to expand from medical devices to software systems within scope of health care that are not medical devices,” Kijewski said.