The Med Device Cyber Podcast
About
At a time when healthcare and technology are deeply intertwined, understanding medical device cybersecurity is not just important—it's essential. Welcome to The Med Device Cyber Podcast, your go-to resource for understanding the complexities of this critical field of cybersecurity. As the definitive podcast on medical device security, we explore everything from identifying and mitigating vulnerabilities to navigating the ever-evolving regulatory landscape. Hosted by Christian Espinosa, Founder & CEO of Blue Goat Cyber, and Trevor Slattery, Director of Medical Device Cybersecurity, each episode features expert insights into the latest cybersecurity threats, innovative solutions, and best practices for protecting the medical devices that are at the heart of modern healthcare. Whether you're a healthcare provider, a device manufacturer, a cybersecurity professional, or just someone looking to learn about the importance of cybersecurity in human lives, this podcast empowers you with the knowledge and tools to ensure patient safety and secure the future of medical technology. This podcast is brought to you by Blue Goat Cyber, specializing in providing elite cybersecurity solutions.
Episodes
- Science Before Hype in MedTech Investing with Varun Turlapati of Chaanakya Capital
This episode discusses the importance of scientific and engineering diligence in early-stage MedTech investing, particularly in neurotech. It emphasizes evaluating the credibility of the science, clinical utility, regulatory pathways, reim…
- Why MedTech Needs More Than Approval with Michael Branagan Harris of HealthTech Strategies Limited
Michael Branagan Harris of HealthTech Strategies Limited discusses how MedTech companies require evidence of affordability, care quality, operational impact, and long-term value, not just technical performance, to succeed commercially post…
- De-Risking Product Decisions in MedTech Startups with Brent Lavin of Ironwood MedTech Partners
Brent Lavin joins Christian Espinosa and Trevor Slattery to discuss how early product decisions in MedTech startups impact commercialization. They cover regulatory pathways like 510(k) and PMA, the importance of feature set alignment, and…
- Vibe Coding Security Risks and Malicious Code Injection with Jake Rodriguez of Triangle Tech
Jake Rodriguez joins The Med Device Cyber Podcast to discuss the security risks associated with vibe coding, where AI generates code for rapid development. They explore how malicious actors can inject vulnerabilities and the increased risk…
- Why Clinical Trials Are the Most Expensive Capital Outlay for Startups with Rob Bedford, CEO of Franklyn Health
Rob Bedford, CEO of Franklyn Health, explains how startups can avoid costly errors by integrating clinical strategy, regulatory pathways, and cybersecurity from the outset. He highlights the value of FDA pre-submission meetings and underst…
- Traceability Requirements and Documentation Audit Trails with Dr. Basant Bajpai, CEO of Compliance MedQRA
Dr. Basant Bajpai explains how delays in quality management system implementation and the use of inadequate documentation tools like SharePoint can lead to cascading failures in medical device development. He emphasizes that establishing d…
- Early Design Decisions that Shape Medical Device Success with Chris Danek, CEO of Bessel
Chris Danek, CEO of Bessel, joins The Med Device Cyber Podcast to discuss how early design decisions in medical device development, including software architecture and component selection, significantly influence cybersecurity, patient saf…
- Edge Cases, Alarm Fatigue, and Why AI Cannot Replace Clinical Judgment with Brandon Fertig, Senior Manager at Philips Healthcare
This episode features Brandon Fertig discussing alarm fatigue and the limitations of AI in clinical settings. It emphasizes the irreplaceable role of human judgment in healthcare, especially in edge cases, and explores how AI can enhance e…
- Alarm Fatigue, Workflow Integration, and the Intelligent Operating Room (Professor Aamer Ahmed)
Professor Aamer Ahmed joins The Med Device Cyber Podcast to discuss the importance of workflow integration in medical devices, the impact of alarm fatigue on clinical decision-making, and the role of AI in healthcare. The conversation also…
- How to Move Stakeholders from Awareness to Sustained Adoption Without Friction
This episode of The Med Device Cyber Podcast discusses strategies for achieving sustained adoption of medical devices. It covers understanding stakeholder differences, managing longer buying processes, and identifying friction points to en…
- Prevention Is Better Than Cure: Applying Medical Principles to Medtech Cybersecurity
This episode examines how neglecting the actual usage environment in medical device risk assessments leads to patient harm and cybersecurity gaps. Guest Stephen Smith shares an ICU risk assessment example and discusses the financial and pr…
- How AI Code Security Became a Medical Device Problem with Jun Xiang Tan
Jun Xiang discusses Singapore's Cybersecurity Labeling Scheme for medical devices, which has four tiers of security. He explains the security risks of AI in medical devices, covering topics like adversarial attacks, data privacy concerns w…
- How to Build an SBOM That Passes FDA Review
This webinar explains FDA expectations for SBOMs in medical device submissions, highlighting the need to include first-party code and use formats like SPDX or CycloneDX. It addresses common mistakes, the history of SBOMs, and their role in…
- From Idea to FDA Clearance: What Nobody Tells Medtech Founders with Darcy Bachert
Darcy Bachert shares insights on common mistakes made by medtech founders, the importance of IEC 62304, and integrating cybersecurity from the start of medical device software development. The discussion covers the Canadian medtech ecosyst…
- What MedTech Startups Get Wrong About Cybersecurity Documentation with Marc Zemel
Marc Zemel shares insights on cybersecurity documentation challenges faced by MedTech startups, emphasizing the high cost of retrofitting security and the importance of a robust quality system from the outset. He details his experience wit…
- Why Most Medtech Companies Fail at Global Expansion (And How to Fix It) with William Jin
William Jin shares insights on medtech global expansion, emphasizing the critical role of early cybersecurity and regulatory planning. He highlights common mistakes, such as overlooking data sovereignty and market-specific regulations, and…
- What It Takes to Succeed in the Medtech Industry with Omar Khateeb
Omar M. Khateeb discusses the realities of launching a medtech startup, detailing his entrepreneurial journey, key challenges, and strategies for success in the healthtech sector.
- Untangling Software Composition Analysis for MedTech Teams
This episode of The Med Device Cyber Podcast discusses Software Composition Analysis (SCA) in the context of medical device cybersecurity. Hosts Christian and Trevor explain the importance of SCA, SBOMs, and SOUP, clarifying common misunde…
- When Medical Device Cyber Failures Become Fatal
This episode reviews historical cybersecurity failures in medical devices, including ransomware attacks and implantable device vulnerabilities, and discusses how these incidents led to patient harm and death. It highlights regulatory scrut…
- Trevor Slattery Answers Tough Medical Device Cyber Questions
In this episode of The Med Device Cyber Podcast, Trevor Slattery is questioned by Christian Espinosa on essential medical device cybersecurity concepts, standards, risk management, and secure development. They clarify how these elements in…
- The Differences Between Black, Grey, and White Penetration Testing
This episode of The Med Device Cyber Podcast explains the distinctions between black, grey, and white box penetration testing. It details how these methodologies affect cybersecurity assessments for medical devices and discusses the FDA's…
- How Cybersecurity Shapes Regulatory and Quality Success with Jim Goodmiller
Guest Jim Goodmiller joins Christian and Trevor to discuss how cybersecurity is essential for regulatory and quality success in medical device development. The episode covers integrating cybersecurity from concept through commercialization…
- Webinar: Why FDA Cybersecurity Submissions Fail and How to Get Yours Approved
This webinar addresses common reasons for FDA cybersecurity submission failures for medical devices. Experts Christian Espinosa and Trevor Slattery of Blue Goat Cyber explain how to prevent deficiencies by focusing on early risk management…
- Cybersecurity Qs MedTech Innovators Ask: Christian’s Hot Seat
This episode addresses common cybersecurity questions for MedTech innovators, focusing on avoiding FDA rejection. It details the role of ISO 13485, differentiates HIPAA and FDA cybersecurity expectations, and discusses global regulatory de…
- What Is Required for an FDA Pre-Market Cyber Submission?
This episode of The Med Device Cyber Podcast breaks down the 18 required cybersecurity deliverables for an FDA pre-market submission and maps them to the 13 sections of eSTAR v6.0. Hosts Christian and Trevor discuss the consistent nature o…
- Webinar: Postmarket Cybersecurity Management
This webinar discusses postmarket cybersecurity management for medical devices, focusing on FDA expectations. Hosts Christian and Trevor cover continuous SBOM monitoring, testing, updates, and regulatory alignment.
- How Market Intelligence Shapes MedTech Growth with Kevin Saem
This episode features Kevin Saem discussing the intersection of market intelligence and cybersecurity in the MedTech industry. They cover how AI and data-driven insights are impacting sales, investor confidence, and device security, alongs…
- Designing Secure Medical Device Software with Randy Horton
Randy Horton joins Christian and Trevor to discuss integrating cybersecurity into medical device software development as a core quality element. They explore DevSecOps, quality systems, and modern engineering to enhance safety and innovati…
- Cyber Risk Management for MedTech Legacy Devices
This episode discusses options for MedTech manufacturers to update legacy devices to modern cybersecurity standards, addressing FDA guidance changes and practical steps like penetration testing and postmarket monitoring.
- Webinar: Security Architecture Views: Protecting Medical Devices Through Strategic Design
This webinar explains the FDA's four required security architecture views for medical device manufacturers: global system, multi-patient harm, updatability/patchability, and secure use case. Hosts Christian Espinosa and Trevor Slattery dis…
- Why AI Literacy Matters for the Future of Healthcare with José Acosta
Dr. José Acosta, a retired Navy trauma surgeon and AI literacy advocate, discusses the critical role of AI literacy in reducing patient risk within healthcare settings with hosts Christian Espinosa and Trevor Slattery. The episode explores…
- What Is A Medical Device?
This episode explains the FDA's definition of a "cyber device" and why many medical device manufacturers misunderstand it. It details how common interfaces like USB, HDMI, and Bluetooth can classify a device as cyber-enabled, impacting reg…
- 5 Most Common Misconceptions of Medical Device Security
In this episode of The Med Device Cyber Podcast, hosts Christian and Trevor address five common misconceptions surrounding medical device security. They clarify the difference between data protection and patient safety, explain what consti…
- What Happens When AI in Medical Devices Make Mistakes?
This episode discusses the consequences of AI failures in medical devices, referencing a mental health chatbot case. Hosts Christian Espinosa and Trevor Slattery examine the EU AI Act, MDCG guidance, and the regulatory and cybersecurity la…
- Medical Device Startups and Cybersecurity Challenges with Suzy Engwall
This episode features healthcare innovation consultant Suzy Engwall discussing the challenges medical device startups face, such as funding, regulatory hurdles, and overlooked cybersecurity risks, with hosts Christian Espinosa and Trevor S…
- Top 10 Medical Device Vulnerabilities with Myles Kellerman
This episode of The Med Device Cyber Podcast identifies and discusses the top 10 medical device cybersecurity vulnerabilities, including issues like weak credentials, unsecured communications, and outdated components, offering insights for…
- Overcoming AI and Data Security Challenges in MedTech with May Lee
In this episode of The Med Device Cyber Podcast, May Lee joins hosts Christian and Trevor to discuss evolving medical device cybersecurity challenges. They cover regulatory demands from the FDA, EU, and China, the impact of quantum computi…
- When Cybersecurity Becomes a Crime
This episode discusses the Illumina case, where cybersecurity misrepresentations resulted in Department of Justice enforcement, highlighting the shift from technical risks to legal and patient safety consequences for medical device manufac…
- Balancing Innovation and Regulation in MedTech Development with Karandeep Singh Badwal
This episode discusses balancing innovation with regulatory compliance in medical devices, particularly with AI and software. Karandeep Singh Badwal highlights challenges like immature AI validation, cybersecurity issues, and common startu…
- Webinar: Hacking Med Devices—What Penetration Testing Reveals Before the FDA Does
This webinar features Blue Goat Cyber's Trevor Slattery and Myles Kellerman discussing real-world vulnerabilities found in medical devices through penetration testing. They cover common overlooked weaknesses, provide tips for FDA cybersecu…
- Integrating Project Management to Strengthen Cybersecurity Outcomes with Steve Curry
Steve Curry joins Christian Espinosa on The Med Device Cyber Podcast to discuss how strong project management is crucial for med tech cybersecurity readiness. They cover common project planning pitfalls, the value of a Project Management O…
- Webinar: Navigating FDA Cybersecurity Compliance: A Guide for RA/QA Professionals
This webinar discusses the current cybersecurity threat landscape, including ransomware and social engineering. It explores the role of AI in cyberattacks and defense, the importance of security awareness and multi-factor authentication, a…
- Vulnerability, Penetration & Other Cybersecurity Testing Types Explained
This episode breaks down essential cybersecurity tests for medical devices, such as vulnerability assessments, penetration testing, fuzz testing, and security requirement testing. Hosts discuss FDA compliance, real-world examples, and prac…
- Webinar: Medical Device Penetration Testing: What Every Manufacturer Must Know
This episode discusses the unique aspects of medical device penetration testing, including its differences from traditional IT security, regulatory requirements from the FDA and global bodies, and common vulnerabilities. It also covers ris…
- From Surgery to MedTech Startups: Dr. Dylan Attard’s Journey
Dr. Dylan Attard, founder of MedTech World, shares his journey from surgeon to innovator. The episode covers cybersecurity challenges for hospitals and medical devices, the global growth of med tech, and the importance of early cybersecuri…
- Webinar: Medical Device Risk Assessments - Cybersecurity, Compliance & Patient Safety
This episode focuses on risk assessments for connected medical devices, crucial for patient safety and cybersecurity compliance. It covers the distinction between risk management and assessment, risk scoring methodologies, the applicabilit…
- Understanding Cybersecurity Measures and Metrics for Medical Devices
This episode clarifies the distinction between cybersecurity measures and metrics, emphasizing their importance for FDA submissions. Hosts Christian Espinosa and Trevor Slattery discuss FDA expectations, patch timelines, vulnerability trac…
- Webinar: Mastering Threat Modeling for Medical Device Cybersecurity
Christian Espinosa and Trevor Slattery discuss threat modeling in medical device cybersecurity, covering the DFD3 standard and STRIDE framework. The episode aligns with FDA guidelines for ensuring medical device safety and security.
- FDA Cybersecurity Gets Real with Monica Montañez of NAMSA
The Med Device Cyber Podcast episode features Monica Montañez of NAMSA discussing the evolution of FDA cybersecurity requirements for medical devices post-2023. The conversation covers regulatory shifts, the definition of cyber devices, an…
- Webinar: Risk Management Frameworks For Medical Device Safety & Security
This webinar addresses medical device cybersecurity, focusing on risk management frameworks for safety and security. Trevor Slattery and Christian Espinosa discuss integrating safety and security risk management, conducting assessments, an…