In September The FBI has warned that more than half of the connected medical devices in hospitals have known critical security vulnerabilities and that these flaws are leading to major attacks on the healthcare industry. As Carly Page reports, MedCrypt has raised a $25 million round to help device manufacturers think about security by design when creating the next generation of medical devices.
The company is a graduate of Y Combinator, and the US Food and Drug Administration provides software for medical devices ranging from insulin pumps and heart rate monitors to AI-based radiology equipment and autonomous robots that may be of concern to cybersecurity. I’m sure we can all agree that we don’t want to live in a world where blackmail is done so hackers don’t send their critical health equipment on the fritz, so let’s take a look at the story MedCrypt shared with its investors. To maximize series B.
We’re looking for more unique pitches to break down, so if you’d like to submit your own, here’s how to do that.
Slides on this floor
The MedCrypt Series B deck is a neat 12-slide deck. The company’s COO Vidya Murthy, who shared the deck with me, says it’s almost like a recording, except some of the customer adoption data has been changed. It gives a feeling; Security is a sensitive business, and I think keeping a list of clients under your hat might be a smart move. The company says three out of five major manufacturers use its products.
- Cover slide
- Problem slide
- Target audience/market size slide
- Lucky slider
- mission slide
- Product slide: exposure monitoring
- Product slide: Behavior tracking
- Product slide: Cryptography
- Product slide: MedISAO
- Group slide
- Summary/pull slide
- Closing the slide
Three things to love
MedCrypt’s slide deck shows that it is a mature organization with a broad product portfolio and ecosystem of startups. The deck is a bit unusual in that it lacks the right amount of information I’d expect to see in a deck at this level from a company, but the narrative is clean and (mostly) easy to follow.
The impressive deck focuses on the company’s product portfolio, with four of the 10 content slides dedicated to it. It makes sense to tell the company’s story through its products, but the ship itself doesn’t do a great job of that; Obviously, sound is needed to put this information in context.
Bringing the industry together

[Slide 9] the capital? Image Credits: MedCrypt
This slide is both great and lacking at the same time. When it first came out, I was confused as to what MedISAO was and why it was on the company’s slide deck. This shows that the deck is not readable by itself, but is designed with audio. This slide comes after three slides that explain MedCrypt’s products and use the same design. Perhaps this should have been a hint that it was one of the company’s products, but I found it confusing at first. Why is it good for the FDA to recommend ISAO memberships? What a surprise it is. ISAO? (I had to Google it; it’s a data sharing and analysis company). Why is MediISAO important for MDM? (I know, I know. I had to google that too: medical device manufacturer). Yeah, sales pitch, I guess?
When I visited the MedISAO website, it finally clicked. “MedISAO is organized by MedCrypt, Inc., a healthcare-first cybersecurity company,” states the website’s FAQ.
in order to! We finally get there, this is not a good thing to say about pitch decks. what it is. Most impressively, if MedCrypt can become a central repository for sharing security information across all medical devices, it has the potential to keep a finger on the pulse of what’s going on across the industry. It’s a very powerful place to be in.
Of course, there’s nothing on this slide to say how successful it is yet, and the website says “Medisao doesn’t publish a full list of member organizations, but you can see a partial list of members on its home page.” It’s hard to quantify whether this is a mature, successful initiative helping cement MedCrypt in space, or a website the company rolled out in two afternoons. I’d love to see some metrics here, especially the value of the sales pipeline from the site and what impact it has.
Luck slide gut punch

[Slide 4] Yes, it seems important. Image Credits: MedCrypt
This slide is an absolute slam dunk. It doesn’t take much thinking to see how a big market with a lot of money is in trouble.
One of the biggest questions an investor asks himself is whether there is a market for a product or company. A regulatory shift can be a powerful driver of adoption. For example, before the GDPR came into effect in May 2018, every website in Europe and every company that wanted to do business with EU countries had to make changes quickly. That created a growing industry for web development houses specializing in privacy.
Well, the same thing seems to be happening in the medical device industry; This slide says that devices costing more than $1 trillion must be secure to comply. Unlike web development, this is a pretty specialized industry. If you think GDPR is wild, get a load of HIPAA. On top of that, updating firmware on embedded electronic devices is often not easy (which is one of the reasons we’re in this trouble in the first place).
This slip is a perfect slip: it doesn’t take much imagination to see how there is a huge market with a lot of money at stake (and a lot to spend). It’s a perfect storm, and Medript has built a boat that can handle it.
Strong summary slide

[Slide 11] Excellent summary. Image Credits: MedCrypt
Personally, I’m not a fan of reading large text in all caps. It’s loud and unreadable. It also means that people who are good at speed reading cannot use their speed reading skills. As an aside, this slide is great for finishing. It includes tons of great information: the market opportunity, products, customer base, and previous fundraising, and the Q&A helps set the tone for the finale. Another approach was to move the summary slide to the beginning of the ship to set the volume, but it works either way.
In the rest of this teardown, we’ll look at three things that MedCrypt could have improved or done differently, along with a full pitch deck.