logo
episode-header-image
Sep 29
44m 59s

#426: Software as a Medical Device: Secu...

Greenlight Guru + Medical Device Entrepreneurs
About this episode

In this episode, host Etienne Nichols sits down with Jose Bohorquez and Mohamad Foustok from CyberMed to dissect the complex world of Software as a Medical Device (SaMD) and cybersecurity. They emphasize that SaMD is first and foremost a medical device and should be treated as such from the very beginning of the development process. The conversation highlights the most common mistakes companies make, like treating security as an afterthought and jumping straight into coding without a solid architectural plan.

Mohamad Foustok introduces the concept of "zero trust" and the critical importance of designing for security across the entire product lifecycle, from initial concept to post-market surveillance. The discussion clarifies that cybersecurity is not limited to network-connected devices but applies to any medical device with a software function, regardless of its connectivity. They also touch on the historical context of FDA guidance, noting a significant shift in recent years that has raised the regulatory bar and put a greater emphasis on robust cybersecurity documentation.

The guests provide actionable advice for MedTech professionals, stressing the value of a balanced approach that integrates security and functionality from day one. They explain that a well-thought-out process, though seemingly slower at the outset, ultimately saves time and resources by preventing costly and time-consuming redesigns later on. This episode serves as a vital guide for anyone looking to build a secure and compliant medical device in today's evolving regulatory landscape.

Key Timestamps

  • [01:50] Common pitfalls in developing SaMD, including overlooking regulatory guidance like IEC 62304.
  • [03:20] The critical mistake of treating cybersecurity as an afterthought in product development.
  • [05:00] Who cybersecurity applies to beyond software, including patients, manufacturers, and supply chains.
  • [06:30] The FDA's stance on cybersecurity for any device with a software function, even if not network-connected.
  • [08:00] A discussion on "reasonable assurance of cybersecurity" and what it means for manufacturers.
  • [10:00] The "zero trust" principle and why you should never assume a network is secure.
  • [14:00] How hospitals and other stakeholders are demanding more rigorous cybersecurity standards.
  • [15:40] The ideal process for a "security-first" development lifecycle.
  • [21:00] Why rushing development without a proper architecture can lead to significant delays and cost overruns.
  • [23:00] A brief history of FDA's cybersecurity guidance and the major shift in 2023.

Quotes

"Software as a medical device ultimately is a medical device, and so you want to be developing it from the get-go with that mindset." — Jose Bohorquez
"Security can't be an afterthought. You have to consider security at the inception of your approach to a product." — Mohamed Fustok

Takeaways

  • A "Security-First" Mindset is Essential: Integrate cybersecurity from the initial architectural phase of your project. This proactive approach saves significant time and money by avoiding costly redesigns and delays later in the development process or after an FDA submission.
  • Cybersecurity is for All Software-Driven Devices: Don't assume that only cloud-connected devices need cybersecurity documentation. The FDA requires documentation for any device with a software function, including embedded systems and programmable logic, even if it's not connected to a network.
  • Regulatory Compliance is a Process, Not a...
Up next
Oct 6
#427: Medical Device Reimbursement - Pitfalls to Avoid
This episode tackles the often-overlooked but critical topic of medical device reimbursement. Host Etienne Nichols speaks with Haley King, co-founder and CEO of Paxos Health, about why this process is just as vital as FDA approval for a device's commercial success. They explore t ... Show More
41m 12s
Sep 22
#425: The "Front End" of Medical Device Innovation: From Idea to Market
This episode with Stuart Grant of Archetype MedTech demystifies the "front end of innovation," a critical yet often overlooked phase of medical device development. Stuart, a seasoned MedTech veteran with over two decades of experience at Johnson & Johnson, shares insights from hi ... Show More
41m 58s
Sep 15
#424: The MedTech Startup Survival Guide with Steve Bell
In this episode, host Etienne Nichols sits down with seasoned MedTech entrepreneur Steve Bell to discuss the critical lessons for starting and scaling a medical device company. With over 30 years of global experience, Steve shares insights from his work with major corporations li ... Show More
52m 3s
Recommended Episodes
Nov 2024
Growing Diet Doctor to Over 500k Daily Website Hits w/Dr Andreas Eenfeldt
This interview explores innovation in health technology, focusing on the creation of user-friendly tools that simplify nutrition tracking and health monitoring for the average person. The speaker discusses the traditional complexity of tracking nutrition and calories, noting that ... Show More
24m 54s
Jul 2024
Digital Health Festival 2024: Medtech's Geoffrey Sayer on Transforming GP Software Systems
In this episode of The Good GP, hosts Dr Tim Koh and Dr Sean Stevens speak with Geoffrey Sayer, CEO of Medtech, at the Digital Health Festival 2024. Geoffrey introduces Medtech, an electronic health record system designed to service practices in Australia and New Zealand, providi ... Show More
13m 31s
Sep 2024
Software Development in the Evolving World of Medical Devices and Applications - with Urvashi Tyagi of ResMed
Today’s guest is Urvashi Tyagi, Advisor and Former CTO at ResMed. Urvashi joins us on today’s podcast with Emerj Senior Matthew DeMello to discuss the unique challenges healthcare leaders face in driving software development efficiencies for medical devices and customer-facing mo ... Show More
22m 53s
Feb 2025
AI Biohacking Breakthroughs: Transform Your Health with Gary Brecka's Top Strategies | EP #149
In this episode, Gary and Peter discuss the most important bio hacks people should know and cover a list of health tech gadgets they have at home and use daily to live longer.  Recorded on Jan 23rd, 2024Views are my own thoughts; not Financial, Medical, or Legal Advice. Gary Brec ... Show More
1h 37m
Jul 2024
The Change Management Prescription: Vital Strategies for Healthcare Transformation
In this episode, Dr. Fatih Mehmet Gül interviews Vivek Shukla, a renowned healthcare leader, about the critical role of change management in healthcare. They discuss the keys to successful change management, the leadership principles that foster excellence in healthcare, and the ... Show More
33m 42s
Sep 2024
Growing as a CPO as your product grows from 0 to $10B valuation | Tomer London, Co-founder and Chief Product Officer at Gusto | E235
In this episode, of The Product Podcast, we chat with Tomer London,Co-founder and Chief Product Officer of Gusto, the leading HR platform for small and medium-sized businesses in the US. Tomer shares his journey from coding his first inventory management system for his dad’s clot ... Show More
45m 50s
May 2025
Building Readiness for AI Agents in Healthcare Systems - with Raheel Retiwalla of Productive Edge
Today’s guest is Raheel Retiwalla, Chief Strategy Officer at Productive Edge — a digital transformation consultancy focused on healthcare. Productive Edge works with payers, providers, and health tech firms to leverage AI, data, and modern platforms to streamline operations, cut ... Show More
33m 22s
Apr 2025
Driving Multi-Modal Retail and Healthcare CX - with Brett Kiley of CVS Health
In this episode of the AI in Business Podcast, Brett Kiley, Executive Director of Customer Experience and Client Solutions at CVS Health, joins us for a compelling discussion on the evolving landscape of customer interactions. With over two decades of experience, Brett shares how ... Show More
18m 38s
Jan 2025
Launching a Medical Device Company with David Gomez
Have you ever dreamed of starting your own medical business but aren’t sure how to bring an idea to life? Today we’re excited to welcome on David Gomez, CRNA, to share his experience of starting a medical device company from the ground up. David's story is one of perseverance and ... Show More
47m 36s
Sep 17
From Clinician to Chief Health AI Officer: A Conversation with Dr. Karandeep Singh
Dr. Karandeep Singh brings two worlds together: programming and medicine. In this conversation, he explains how early experiments with code led him to biomedical informatics, why gaps between paper performance and clinical reality must be confronted, and how governance committees ... Show More
1h 2m
Listen to millions of songs and podcasts on Anghami