NextUp

NextUp: The Cybersecurity Firm Making Medical Devices Hack-Proof

In the age of cyber attacks, MedCrypt wants to keep pacemakers, X-ray machines, and other healthcare tech safe from unlawful intrusion.


Mike Kijewski and Eric Pancoast, founders of the Philadelphia-based software company, MedCrypt.

“NextUp” is a weekly NextHealth PHL feature that highlights the local leaders, organizations and research shaping the Greater Philadelphia region’s life sciences ecosystem. Email qmuse@phillymag.com with pitches for NextUp.

Who: When it comes to cybersecurity for healthcare, MedCrypt is ahead of the game. The founders of the Philadelphia-based software company, Mike Kijewski and Eric Pancoast, had already developed their first security software for medical devices in 2014, two years before the FDA recognized vulnerabilities in medical device security and issued guidelines for avoiding cybersecurity threats.

What: Medcrypt’s technology allows vendors to encrypt health data so only trusted sources can instruct and access medical devices. The technology also employs real-time monitoring that identifies and alerts vendors of unusual user behavior.

When: In May, MedCrypt received $5.3 million in a Series A funding round to expand its workforce to include new members in sales and engineering roles, and further develop its technology. The company had already raised $750,000 in seed funding in 2016 from investors like Safeguard Scientifics, Wharton Alumni Angel Network, and ThingWorx. In total, MedCrypt has raised over $8 million in funding.

Why: The healthcare industry relies on a range of medical devices to provide patient care; without proper security, every one of them is vulnerable to hacking and misuse. Medical devices are often connected to a hospital’s network or a patient’s internet service, increasing the risk of cybersecurity breaches. Hackers have the ability to hijack, misuse, or disable any device that sends and receives data. Everything from pacemakers and insulin pumps to infusion pumps, X-ray machines, and CT scanners, could be accessed.

In 2018, U.S. healthcare data breaches resulted in 15 million patient records being exposed. A recent study from CynergisTek estimates healthcare will suffer two to three times more cyber attacks in 2019 than other industries.

What It Means: Despite guidance from HIPAA and the FDA, many vendors are still creating and using medical devices that are not in compliance. With its healthcare-specific focus, MedCrypt is positioned to take the lead in helping healthcare companies ensure the safety of their devices and data, potentially preventing harm to a patient or healthcare company’s network.