In September, the FBI warned that more than half of connected medical devices in hospitals had known critical security vulnerabilities, and these flaws are leading to a surge in attacks on the healthcare industry. As Carly Page reported, MedCrypt raised a $25 million round to help device manufacturers think security-by-design when creating the next generation of medical devices.
The company is a Y Combinator graduate that provides software for anything the U.S. Food and Drug Administration would consider a medical device where cybersecurity could be a concern, from insulin pumps and heart rate monitors to AI-based radiology tools and autonomous robots. I’m sure we can all agree that we don’t want to live in a world where people get blackmailed so hackers won’t send their critical health devices on the fritz, so let’s take a look at the story MedCrypt shared with its investors to raise its Series B.
We’re looking for more unique pitch decks to tear down, so if you want to submit your own, here’s how you can do that.
Slides in this deck
The MedCrypt Series B deck is a tidy 12-slide deck. The company’s COO, Vidya Murthy, who shared the deck with me, said that it’s as-pitched, except that some of the customer adoption information has been redacted. Makes sense; security is sensitive business, and I imagine keeping the customer list under your hat might be a smart move. The company does claim that three of the top five device manufacturers use their products.
- Cover slide
- Problem slide
- Target audience/market size slide
- Opportunity slide
- Mission slide
- Product slide: Vulnerability tracking
- Product slide: Behavior monitoring
- Product slide: Cryptography
- Product slide: MedISAO
- Team slide
- Summary/traction slide
- Closing slide
Three things to love
MedCrypt’s slide deck shows that it is a mature organization with a broad product lineup and even the beginnings of an ecosystem influence play. The deck is pretty unusual in that it is missing a fair amount of information that I’d expect to see in a deck from a company at this stage, but the narrative is clean and (mostly) easy to follow.
A surprising amount of the deck focuses on the company’s product lineup, with four of the 10 content slides dedicated to that. It makes sense to tell the story of a company through its products, but the deck itself doesn’t do a great job of that; it’s obvious that it needs a voice-over to contextualize this information.
Rallying the industryThis slide is at once very good and pretty lacking. When it first came up, I was confused about what MedISAO was and why it was on the company’s slide deck. It shows that this deck was designed with a voice-over in mind rather than being readable on its own. This slide comes after three slides that explain MedCrypt’s products and uses the same design. Perhaps that should have been the tip-off that this is also one of the company’s products, but I found it confusing at first. Why is it good that the FDA recommends ISAO memberships? What the hell even is an ISAO? (I had to Google it; it’s an information sharing and analysis organization). Why is it important that MedISAO is good for MDM? (I know, I know. I had to Google that, too: medical device manufacturer). Yay, sales pipeline, I suppose?
When I visited the MedISAO website, it finally clicked. The site’s FAQ states that “MedISAO is organized by MedCrypt, Inc., a healthcare-first cybersecurity company.”
So! We got there in the end, which isn’t really a good thing to say about a pitch deck. What is tremendously impressive, though, is that if MedCrypt is able to be the central repository for sharing security information across all medical devices, it has an opportunity to keep a finger on everything that’s going on across its entire industry. It’s a really powerful position to be in.
Of course, there’s nothing on this slide about how successful it is so far, and its website says “MedISAO does not publish a complete list of member organizations, but you can see a partial list of members on the home page.” It’s hard to gauge whether this is a mature, successful initiative that’s helping cement MedCrypt in its space or a website the company flung up over a couple of afternoons. I would have loved to see some metrics here, specifically about the value of the sales pipeline from the site and what impact it has.
A gut punch of an opportunity slide
This slide is an absolute slam dunk. It doesn’t take a lot of imagination to see how there’s an enormous market with a lot of money at stake.
One of the big questions an investor asks themselves is whether there is a market for a product or company. Regulatory shifts can be a powerful driver for adoption. For example, before GDPR legislation went into effect in May 2018, every website in Europe and every company that wanted to do business with EU countries very quickly needed to make changes. That created a booming industry for web development houses that specialized in privacy.
Well, it seems like the same is happening in the medical device industry; this slide claims that more than $1 trillion worth of devices need to get secured to be in compliance. Unlike web development, however, this is a pretty specialized industry. If you thought GDPR was wild, get a load of HIPAA. On top of that, it’s often non-trivial to update the firmware on embedded electronic devices (that’s part of the reason we are in this mess in the first place).
This slide is an absolute slam dunk: It doesn’t take a lot of imagination to see how there’s an enormous market with a lot of money at stake (and a lot of money to spend) — with a ticking clock. It’s a perfect storm, and MedCrypt has built a boat that just might be able to weather it.
Strong summary slidePersonally, I’m not a fan of READING LARGE AMOUNTS OF TEXT IN ALL CAPS; it’s shouty and reader-unfriendly. It also means that people who are adept at speed-reading aren’t able to use their speed-reading skills. That aside, this slide is a great one to end on. It includes a huge amount of really good information: It summarizes the market opportunity, products, number of customers and previous fundraises, and helps set the tone for the Q&A at the end. Another approach would have been to move the summary slide to the beginning of the deck to set the tone, but it works either way.
In the rest of this teardown, we’ll look at three things MedCrypt could have improved or done differently, along with its full pitch deck!