In September the FBI warned that more than half of connected medical devices in hospitals had critical security vulnerabilities, and these flaws are leading to a spate of healthcare attacks. As Carly Page reported, MedCrypt has raised a $25 million round to help device makers build security by design into the next generation of medical devices.

A graduate of the Y Combinator, the company provides software for anything the U.S. Food and Drug Administration would consider a medical device where cybersecurity could be a concern, from insulin pumps and heart rate monitors to AI-based radiology tools and autonomous robots. I’m sure we can all agree we don’t want to live in a world where people are blackmailed so hackers don’t send their critical health devices on the fritz so let’s get to the story MedCrypt shared with its investors for its Series B.

We’re looking for more unique pitch decks to break down, so if you’d like to submit your own pitch decks here’s how to do it.

Slides into this deck

The MedCrypt Series B deck is a neat 12-slide deck. The company’s COO, Vidya Murthy, who shared the deck with me, said it’s pitched that way, except some customer adoption information has been redacted. Sounds logical; security is a sensitive matter, and I imagine keeping the client list under your hat is a smart move. The company does claim that three of the top five device manufacturers use their products.

1. Cover slide
2. Problem slide
3. Target group/market size dia
4. Occasion slide
5. Mission slide
6. Product slide: Tracking vulnerabilities
7. Product Slide: Behavior Monitoring
8. Product Slide: Cryptography
9. Product slide: MedISAO
10. Team slide
11. Summary/traction slide
12. Closing slide

Three things to love

MedCrypt’s slide deck shows that it is a mature organization with a broad product line and even the beginnings of an ecosystem of influence. The deck is quite unusual in that it lacks a decent amount of information that I’d expect to see in a corporate deck at this stage, but the story is clean and (mostly) easy to follow.

A surprisingly large portion of the deck focuses on the company’s product range, with four of the 10 content slides devoted to it. It makes sense to tell a company’s story through its products, but the deck itself doesn’t do that well; it’s clear that a voiceover is needed to put this information into context.

Bringing the industry together

[Slide 9] Mediwhat now? Image Credits: MedCrypt

This slide is very good and quite flawed at the same time. When it first came up, I didn’t know what MedISAO was and why it was on the company’s slideshow. It shows that this deck was designed with a voiceover in mind, rather than being readable in its own right. This slide comes after three slides explaining MedCrypt’s products and uses the same design. Maybe that should have been the tip that this is also one of the company’s products, but I found it confusing at first. Why is it good that the FDA recommends ISAO memberships? What the hell even is an ISAO? (I had to google it; it’s an information sharing and analytics organization). Why is it important that MedISAO is good for MDM? (I know, I know. I had to google that too: medical device manufacturer). Yay sales pipeline I assume?

When I visited MedISAO’s website, it finally clicked. The site’s FAQs states that “MedISAO is hosted by MedCrypt, Inc., a cybersecurity company at the forefront of the healthcare industry.”

So! We eventually got there, which isn’t really a good thing to say about a pitch deck. What is hugely impressive, however, is that if MedCrypt is able to be the central repository for sharing security information across all medical devices, it has the ability to keep tabs on everything that’s going on across the industry. It really is a powerful position to be in.

Of course, there’s nothing on this slide about how successful it has been so far, and the website says, “MedISAO doesn’t publish a full list of member organizations, but you can see a partial list of members on the home page.” It’s hard to gauge whether this is a mature, successful initiative that helps MedCrypt strengthen its space or a website the company set up in a few afternoons. I would have liked to see some stats here, particularly on the value of the site’s sales pipeline and what impact it has.

An underbelly of an opportunity slider

[Slide 4] Yes, that seems important. Image Credits: MedCrypt

One of the big questions an investor asks himself is whether there is a market for a product or company. Regulatory shifts can be a powerful driver for adoption. For example, before the GDPR legislation came into force in May 2018, every website in Europe and every company that wanted to do business with EU countries had to make changes very quickly. That created a thriving industry for web development houses that specialized in privacy.

Well, it seems the same is happening in the medical device industry; this slide claims that more than $1 trillion worth of devices must be secured to meet the requirements. However, unlike web development, this is quite a specialized industry. If you thought GDPR was wild, get a load out of it HIPAA. Plus, it’s often non-trivial to update the firmware on embedded electronic devices (which is part of why we’re in this mess in the first place).

This slide is an absolute hit: it doesn’t take much imagination to see how there is a huge market with a lot of money at stake (and a lot of money to spend) – with a ticking clock. It’s a perfect storm and MedCrypt has built a boat that just might handle it.

Strong summary slide

[Slide 11] Great summary. Image Credits: MedCrypt

Personally, I’m not a fan of READING LARGE AMOUNTS OF TEXT IN CAPITAL LETTERS; it’s garish and reader-unfriendly. It also means that people who are proficient at speed reading cannot use their speed reading skills. Aside from that, this slide is a great one to end on. It contains a huge amount of really good information: it summarizes the market opportunities, products, number of clients and previous fundraising and helps set the tone for the Q&A at the end. Another approach would have been to move the summary slide to the beginning of the deck to set the tone, but it works either way.

In the rest of this teardown, we look at three things MedCrypt could have improved or done differently, along with the full pitch deck!