Siilo injects $5.1M to try to transplant WhatsApp use in hospitals

Consumer messaging apps like WhatsApp are not only insanely popular for chatting with friends but have pushed deep into the workplace too, thanks to the speed and convenience they offer. They have even crept into hospitals, as time-strapped doctors reach for a quick and easy way to collaborate over patient cases on the ward.

Yet WhatsApp is not specifically designed with the safe sharing of highly sensitive medical information in mind. This is where Dutch startup Siilo has been carving a niche for itself for the past 2.5 years — via a free-at-the-point-of-use encrypted messaging app that’s intended for medical professions to securely collaborate on patient care, such as via in-app discussion groups and being able to securely store and share patient notes.

A business goal that could be buoyed by tighter EU regulations around handling personal data, say if hospital managers decide they need to address compliance risks around staff use of consumer messaging apps.

The app’s WhatsApp-style messaging interface will be instantly familiar to any smartphone user. But Siilo bakes in additional features for its target healthcare professional users, such as keeping photos, videos and files sent via the app siloed in an encrypted vault that’s entirely separate from any personal media also stored on the device.

Messages sent via Siilo are also automatically deleted after 30 days unless the user specifies a particular message should be retained. And the app does not make automated back-ups of users’ conversations.

Other doctor-friendly features include the ability to blur images (for patient privacy purposes); augment images with arrows for emphasis; and export threaded conversations to electronic health records.

There’s also mandatory security for accessing the app — with a requirement for either a PIN-code, fingerprint or facial recognition biometric to be used. While a remote wipe functionality to nix any locally stored data is baked into Siilo in the event of a device being lost or stolen.

Like WhatsApp, Siilo also uses end-to-end encryption — though in its case it says this is based on the opensource NaCl library

It also specifies that user messaging data is stored encrypted on European ISO-27001 certified servers — and deleted “as soon as we can”.

It also says it’s “possible” for its encryption code to be open to review on request.

Another addition is a user vetting layer to manually verify the medical professional users of its app are who they say they are.

Siilo says every user gets vetted. Though not prior to being able to use the messaging functions. But users that have passed verification unlock greater functionality — such as being able to search among other (verified) users to find peers or specialists to expand their professional network. Siilo says verification status is displayed on profiles.

“At Siilo, we coin this phenomenon ‘network medicine’, which is in contrast to the current old-­fashioned, siloed medicine,” says CEO and co-founder Joost Bruggeman in a statement. “The goal is to improve patient care overall, and patients have a network of doctors providing input into their treatment.”

While Bruggeman brings the all-important medical background to the startup, another co-founder, Onno Bakker, has been in the mobile messaging game for a long time — having been one of the entrepreneurs behind the veteran web and mobile messaging platform, eBuddy.

A third co-founder, CFO Arvind Rao, tells us Siilo transplanted eBuddy’s messaging dev team — couching this ported in-house expertise as an advantage over some of the smaller rivals also chasing the healthcare messaging opportunity.

It is also of course having to compete technically with the very well-resourced and smoothly operating WhatsApp behemoth.

“Our main competitor is always WhatsApp,” Rao tells TechCrunch. “Obviously there are also other players trying to move in this space. TigerText is the largest in the US. In the UK we come across local players like Hospify and Forward.

“A major difference we have very experienced in-house dev team… The experience of this team has helped to build a messenger that really can compete in usability with WhatsApp that is reflected in our rapid adoption and usage numbers.”

“Having worked in the trenches as a surgery resident, I’ve experienced the challenges that healthcare professionals face firsthand,” adds Bruggeman. “With Siilo, we’re connecting all healthcare professionals to make them more efficient, enable them to share patient information securely and continue learning and share their knowledge. The directory of vetted healthcare professionals helps ensure they’re successful team­players within a wider healthcare network that takes care of the same patient.”

Siilo launched its app in May 2016 and has since grown to ~100,000 users, with more than 7.5 million messages currently being processed monthly and 6,000+ clinical chat groups active monthly.

“We haven’t come across any other secure messenger for healthcare in Europe with these figures in the App Store/Google Play rankings and therefore believe we are the largest in Europe,” adds Rao. “We have multiple large institutions across Western-Europe where doctors are using Siilo.”

On the security front, as well flagging the ISO 27001 certification the company has gained, he notes that it obtained “the highest NHS IG Toolkit level 3” — aka the now replaced system for organizations to self-assess their compliance with the UK’s National Health Service’s information governance processes, claiming “we haven’t seen [that] with any other messaging company”.

Siilo’s toolkit assessment was finalized at the end of Febuary 2018, and is valid for a year — so will be up for re-assessment under the replacement system (which was introduced this April) in Q1 2019. (Rao confirms they will be doing this “new (re-)assessment” at the end of the year.)

As well as being in active use in European hospitals such as St. George’s Hospital, London, and Charité Berlin, Germany, Siilo says its app has had some organic adoption by medical pros further afield — including among smaller home healthcare teams in California, and “entire transplantation teams” from Astana, Kazakhstan.

It also cites British Medical Journal research that found that of the 98.9% of U.K. hospital clinicians who now have smartphones, around a third are using consumer messaging apps in the clinical workplace. Persuading those healthcare workers to ditch WhatsApp at work is Siilo’s mission and challenge.

The team has just announced a €4.5 million (~$5.1M) seed to help it get onto the radar of more doctors. The round is led by EQT Ventures, with participation from existing investors. It says it will be using the funding to scale­ up its user base across Europe, with a particular focus on the UK and Germany.

Commenting on the funding in a statement, EQT Ventures’ Ashley Lundström, a venture lead and investment advisor at the VC firm, said: “The team was impressed with Siilo’s vision of creating a secure global network of healthcare professionals and the organic traction it has already achieved thanks to the team’s focus on building a product that’s easy to use. The healthcare industry has long been stuck using jurassic technologies and Siilo’s real­time messaging app can significantly improve efficiency
and patient care without putting patients’ data at risk.”

While the messaging app itself is free for healthcare professions to use, Siilo also offers a subscription service to monetize the freemium product.

This service, called Siilo Connect offers organisations and professional associations what it bills as “extensive management, administration, networking and software integration tools”, or just data regulation compliance services if they want the basic flavor of the paid tier.

Washington hit China hard on tech influence this week

After months of back-and-forth negotiations, Washington moved rapidly this past week to fend off the increasing transcendence of China’s tech industry, with Congress passing expanded national security controls over M&A transactions and the Trump administration heaping more pressure on China with threats of increased tariffs.

We’ve been following the reforms to CFIUS — the Committee on Foreign Investment in the United States — since the proposal was first floated late last year. The committee is charged with protecting America’s economic interests by preventing takeovers of companies by foreign entities where the transaction could have deleterious national security consequences. The committee and its antecedents have slowly gained powers over the past few decades since the Korean War, but this week, it suddenly gained a whole lot more.

Through the Foreign Investment Risk Review Modernization Act of 2018, which was rolled into the must-pass National Defense Authorization Act and passed by Congress this week, CFIUS is gaining a number of new powers, more resources and staff, more oversight, and a charge to massively expand its influence in any M&A process involving foreign entities.

Lawfare has a great summary of the final text of the bill and its ramifications, but I want to highlight a few of the changes that I think are going to have an outsized effect on Silicon Valley and the tech industry more widely.

One of the top priorities of this legislation was to make it more difficult for Chinese venture capital firms to invest in American startups and pilfer intellectual property or acquire confidential user data.

Congress fulfilled that goal in two ways. First, the definition of a “covered transaction” has been massively expanded, with a focus on “critical technology” industries. In the past, there was an expectation that a foreign entity had to essentially buy out a company in order to trigger a CFIUS review. That jurisdiction has now been expanded to include such actions as adding a member to a company’s board of directors, even in cases where an investment is essentially passive.

That means that the typical VC round could now trigger a review in Washington — and in the fast timelines of startup fundraising, that might be enough friction to keep Chinese venture capital out of the American ecosystem. Given that Chinese venture capital (at least by some measures) has outpaced U.S. venture capital in the first half of this year, this provision will have huge ramifications for startups and their valuations.

The second element Congress added was requiring that CFIUS receive all partnership agreements that a company has signed with a foreign investor. Often in a transaction, there is a main agreement spelling out the overall structure of a deal, and then side agreements with individual investors with special terms not shared with the wider syndicate, such as the right to access internal company data or intellectual property. By requiring further disclosure, CFIUS will have a more holistic picture of a deal and any risks it might add for national security.

It’s important to note that Congress was keen on balancing the need for investment with the need of national security. Through oversight provisions, including allowing CFIUS decisions to be contested in the DC Court of Appeals, Congress has designed the reform to be fairer, even as it takes a harder line on certain transactions.

It will take many months for the provisions to come in full force, so some of the effects of this bill won’t be felt until the end of next year. Nonetheless, Congress has sent a clear message of its intent.

Congress’ national security concerns in financial transactions are also crossing the Atlantic. British Prime Minister Theresa May and her government are spearheading new controls over foreign investment transactions, and the EU has also launched more screenings to ensure that transactions are in the best interests of the continent. All of these legislative moves are a response to Chinese foreign direct investment, which has skyrocketed in Europe while almost disappearing in North America.

President Trump signed tariffs on China earlier this year. Now, the administration wants to more than double them.

That disappearance is a function of the on-going trade dispute between the U.S. and China, which crescendoed this past week. The Trump administration said it is considering increasing tariffs from 10% to 25% on $200 billion worth of Chinese goods, significantly heightening the tariffs it had put in place earlier this year.

That threat got a swift response from China overnight, with the Chinese Commerce Ministry saying that it would put tariffs on $60 billion worth of American goods in retaliation if the U.S. followed through with its threat.

So far, the tech industry appears to have been more insulated from the back-and-forth than expected, although the increasing scope and intensity of tariffs could change that calculus. Apple updated its quarterly filing this week to include a new risk around trade disputes, saying that “Tariffs could also make the Company’s products more expensive for customers, which could make the Company’s products less competitive and reduce consumer demand.” Legal boilerplate for sure, but it is the first time the company has included such a provision in its filing.

The tariffs drama is going to continue in the weeks and months ahead. But this week in particularly was a watershed for U.S. and China technology relations, and a busy week for tech lobbyists and policy officials.

For startups, most of this news basically boils down to the following: the U.S. is one market, and China is another. Cross-investing and cross-distribution just aren’t going to be easy as they were even a few months ago. Pick a market — one market — and focus your energies there. Clearly, it’s going to be tough times for anyone caught in the middle between the two.