The Med Device Cyber Podcast

Ten years ago, Singapore's healthcare system got hacked. Patient records were stolen at a national scale. The government responded by building one of the most comprehensive medical device security frameworks in the world.The Cybersecurity Labeling Scheme has four tiers. Level one means basic security controls exist. Level four means the device underwent independent code review, has advanced threat detection, and maintains continuous vulnerability management. Hospitals can see exactly what level of security they're getting before they buy.Jun Xiang from CareHero explains why this matters, especially now that AI is showing up in medical devices without proper testing. He covers adversarial attacks on medical images, why doctors are uploading patient data to ChatGPT, and what automation bias does to clinical decision making.Practical conversation about medical device security in Southeast Asia and what manufacturers need to know about Singapore's approach.Episode Breakdown:00:01 Welcome00:31 Background01:09 Military service03:09 AI threats03:45 23% problem04:40 X-rays ChatGPT05:43 Attacks08:15 Poisoning11:30 Hallucinations14:20 AI code17:45 Vulnerabilities20:30 Pair programming23:15 Guardrails26:40 Automation bias28:50 AI scribes31:20 Dialects34:05 Pre-triage36:32 Pricing37:25 Pair programmer37:40 Human interpretationThe Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity experts providing essential security solutions for the medical device industry.Learn more by visiting https://bluegoatcyber.comIf you're interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and Founder of Blue Goat Cyber.Trevor Slattery is the Chief Operating Officer at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

SBOMs are one of the most common sources of FDA deficiencies in medical device submissions. Most companies think they're doing it right, but then they get feedback asking for missing components or clarification on what's included.In this webinar, Christian Espinosa and Trevor Slattery explain what the FDA actually expects in an SBOM and why it's not just about listing third-party libraries. You need to include first-party code too. You need to follow the NTIA minimum elements. And you need to provide it in a machine-readable format like SPDX or CycloneDX.Trevor walks through the history of SBOMs, from their origins in licensing compliance to their current role in medical device cybersecurity. He explains the shift-left approach the FDA wants to see and why transparency matters for healthcare delivery organizations making purchasing decisions.The webinar also addresses a big concern people have. Does publishing an SBOM give attackers a roadmap to your system? Trevor breaks down why that's not actually a problem if you're managing your security properly.If you're building a connected medical device or preparing for an FDA submission, this is a clear breakdown of how to get your SBOM right the first time.Webinar Breakdown:00:00 Welcome and introduction to SBOMs00:44 What is an SBOM and why does it matter03:10 The history of SBOMs: From licensing to cybersecurity07:20 Why the FDA cares about SBOMs11:30 The biggest mistake: Leaving out first-party code15:45 NTIA minimum elements explained19:20 Machine-readable formats: SPDX and CycloneDX23:00 Real-world examples: Log4j and Shellshock26:15 Do SBOMs give attackers a roadmap? The truth29:40 Common myths about SBOMs33:50 Key takeaways for FDA submissions36:20 Q&A session beginsBlue Goat Cyber provides essential cybersecurity solutions for the medical device industry.Learn more by visiting https://bluegoatcyber.com.If you're interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and Founder of Blue Goat Cyber. Trevor Slattery is the Chief Operating Officer at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

Building medical device software is hard. Building it the right way is harder. And getting it through FDA approval while managing cybersecurity requirements? That's what Darcy Bachert has been doing for 17 years.Darcy runs Prolucid Technologies, an ISO 13485-certified software development firm in Toronto. They work with medtech companies across North America, Europe, and Australia.And in that time, he's seen the same mistakes repeatedly.The biggest one? Founders build products that solve problems nobody has. Or they build something physicians won't adopt because it adds complexity instead of making their lives easier.In this conversation, Darcy talks about IEC 62304 and why it matters when choosing a software partner. The Canadian medtech ecosystem and why Toronto is a major hub. And why quality systems and cybersecurity need to be built in from day one, not added at the end.This episode is practical if you're building a medical device or working with medtech startups.Episode Breakdown:00:01 Welcome and intro00:30 Darcy's background and Prolucid Technologies overview01:15 The origin of the name Prolucid Technologies01:58 Why clarity matters more than code04:18 Common challenges beyond software development06:11 Toronto's medtech ecosystem06:57 IEC 62304 and choosing the right development partner09:17 ISO 13485 certification and investor confidence12:04 Realistic timelines for medical device software15:32 Cost expectations and budget planning18:45 Building quality systems from the start21:20 Integrating cybersecurity throughout development24:15 When and how to do penetration testing27:30 Cybersecurity mistakes startups make30:42 The MTI program and Canadian medtech resources33:18 Canadian vs US medtech markets36:22 Physician adoption challenges40:18 Trevor: Don't invent your problem41:36 Darcy: Find partners who've done it before43:05 Christian: Balance user adoption with reimbursementThe Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity experts providing essential security solutions for the medical device industry. Learn more by visiting https://bluegoatcyber.com.If you're interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and Founder of Blue Goat Cyber. Trevor Slattery is the Chief Operating Officer at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/Blue Goat Cyber on YouTube:

Marc Zemel has been building Retia Medical for 15 years. The company started as two guys with slides and licensed technology. Now their data-driven hemodynamic monitoring technology for consistently accurate cardiac output measurements in high-risk surgical and critically ill patients is in 75 hospitals across 18 countries, sold by Medtronic in the U.S, and the company is preparing to launch their new product Argos Infinity, pending FDA clearance.But getting here meant dealing with cybersecurity challenges that Marc didn't see coming. In this conversation, he talks about what actually slowed them down, what he wishes he'd done differently, and why building a proper quality system from day one would have saved him years of pain.Retia Medical develops algorithms that monitor cardiovascular function. Their technology detects problems before blood pressure drops, which makes it valuable in operating rooms and ICUs. Nurses have gotten so attached to their monitors that they literally hug them because the devices help them do their jobs better.Marc walks through the specific cybersecurity issues that surprised him. Like how software as a medical device comes with ongoing compliance costs that hardware doesn't have. Or how documentation requirements kept changing as the FDA updated its expectations. Or how retrofitting cybersecurity into an existing product is way more expensive than building it in from the start.He also shares his philosophy on building companies. He doesn't focus on exits or acquisition targets. He focuses on building something people can't live without. When the product is that good, the rest takes care of itself.If you're building a medical device startup or dealing with FDA submissions, this is a conversation worth hearing.Episode Breakdown:00:00 Introduction00:32 Where everyone's calling from02:54 Marc's background and journey into medtech04:33 What Retia Medical does07:00 Blood flow vs blood pressure09:45 Software vs hardware as a medical device12:30 Cybersecurity challenges15:20 Documentation nightmares18:45 Quality systems and why they matter early22:10 FDA submissions over 15 years25:30 The cost of retrofitting cybersecurity28:50 Software updates and compliance32:15 Build to be bought, not to be sold37:32 What acquirers look for39:02 Product market fit: Nurses hugging monitors41:14 Wearables and future regulationsThe Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity experts providing essential security solutions for the medical device industry. Learn more by visiting https://bluegoatcyber.com.If you're interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and Founder of Blue Goat Cyber. Trevor Slattery is the Chief Operating Officer at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram:

Thinking about taking your medical device to China? Or maybe you're a Chinese company looking at the American market?William Jin has spent over 30 years helping companies do exactly that, and he'll tell you straight up that most of them aren't ready. Not because they lack good products, but because they didn't think about cybersecurity early enough.William was trained as a medical doctor in Shanghai, then moved into the medtech industry working for companies like McCulloch and Stryker. Now he helps businesses on both sides of the Pacific figure out how to actually get their products approved and sold in each other's markets. The problems he sees are surprisingly similar whether you're going East or West.In this conversation, William walks through the real barriers to global expansion. We're talking about practical stuff like why using Google Cloud can completely block you from the Chinese market, how data sovereignty laws affect AI-powered devices, and why that Baxter ventilator recall should matter to everyone building connected medical devices.If you're in medtech and thinking about international markets, this is the reality check you need. William's advice is simple but critical: plan for your target markets before you start building. Otherwise, you'll spend millions redesigning later, or worse, you'll realize you can't enter those markets at all.Episode Breakdown:00:00 The costly mistake of not planning for global markets early00:44 Meet William Jin: Medical doctor turned medtech market strategist03:15 What's really stopping Chinese companies from entering Western markets07:20 Why Chinese medtech exports to the U.S. dropped while Europe increased11:40 The Google Cloud problem nobody warns you about15:50 How China's data regulations affect your algorithms and cloud architecture19:30 Reverse engineering your markets: Start with the end in mind23:00 Where Chinese companies dominate and where they struggle internationally26:45 The Baxter recall that was really about cybersecurity28:50 Why cybersecurity product recalls are fundamentally different29:20 William's final advice for medtech innovators29:40 Wrapping up: Design to disposal, not as an afterthoughtThe Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity experts providing essential security solutions for the medical device industry. Learn more by visiting https://bluegoatcyber.com.If you're interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and Founder of Blue Goat Cyber. Trevor Slattery is the Chief Operating Officer at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook:

Ever thought about what it really takes to launch a successful medtech startup?Omar M. Khateeb knows the challenges firsthand. As a founder with a track record of building healthtech companies, he’s lived through the hurdles that come with innovating in the medtech space.In this episode, Omar dives into the highs and lows of his entrepreneurial journey, sharing key lessons, pivotal moments, and the strategies that helped him succeed. From tackling complex healthcare issues to navigating the regulatory maze, Omar breaks down what it takes to make a lasting impact in medtech.Join us for an inside look at the future of health tech and why it’s the perfect time for the next generation of entrepreneurs to get involved.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.comIf you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9Feedback? Questions? Contact: https://bluegoatcyber.com/contact/Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficialThe Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmhSubscribe via Apple Podcasts: https://apple.co/483OJ9ISubscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

Why does software composition analysis matter beyond regulatory compliance?This episode explores SCA (Software Composition Analysis) and explains how SBOMs (Software Bill of Materials), SOUP (Software of Unknown Provenance), and related tooling fit into the broader medical device cybersecurity landscape. Christian and Trevor clarify common misconceptions, including licensing fears, machine-readable requirements, and the role of static testing tools.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.comIf you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9Feedback? Questions? Contact: https://bluegoatcyber.com/contact/Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficialThe Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmhSubscribe via Apple Podcasts: https://apple.co/483OJ9ISubscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

What past ransomware and medical device incidents might reveal gaps that manufacturers are still overlooking today?In this episode, Christian and Trevor examine real incidents where cybersecurity failures, software flaws, and insecure medical devices led to patient harm and death. They break down how ransomware attacks, implantable device vulnerabilities, and AI-driven therapies expose life-critical risks in healthcare. The conversation highlights why regulators are increasing scrutiny and why cybersecurity must be treated as a patient-safety imperative, not an afterthought.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.comIf you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9Feedback? Questions? Contact: https://bluegoatcyber.com/contact/Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficialThe Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmhSubscribe via Apple Podcasts: https://apple.co/483OJ9ISubscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

This episode puts Trevor in the hot seat. If you were put in the hot seat, could you clearly explain cybersecurity, safety, and lifecycle terms like Trevor?In this rapid-fire episode, Christian fires questions at Trevor about essential medical device cybersecurity concepts and standards. Together, they clarify how risk management, secure development, and lifecycle thinking intersect across safety, quality, and security.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.comIf you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9Feedback? Questions? Contact: https://bluegoatcyber.com/contact/Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficialThe Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmhSubscribe via Apple Podcasts: https://apple.co/483OJ9ISubscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

MedTech developers, do you know which penetration testing methodology the FDA actually prefers for medical device submissions?In this episode, Christian and Trevor explain the differences between black, grey, and white box penetration testing and how each impacts the completeness and realism of cybersecurity assessments. They highlight why regulators increasingly expect deeper testing supported by source-code-level insights. They also outline the risks, costs, and delays manufacturers face when choosing insufficient testing approaches during FDA submission.Key points:(01:25) Learn how black box testing mimics an attacker with no prior knowledge.(06:27) How grey box testing blends limited credentials, architecture insight, and direct communication with engineers to expand visibility.(08:29) Why white box testing includes access to full documentation, processes, and source code.(10:20) How attacker timeframes differ from tester timeframes.(11:29) How the FDA’s static analysis, SBOM, and risk evaluation requirements tie naturally into white box testing workflows.(15:06) Learn why choosing black box testing to save money often results in higher total costs after FDA rejection.(17:47) Hear why “buy once, cry once” applies to penetration testing.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.comIf you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-sessionChristian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1Feedback? Questions? Contact: https://bluegoatcyber.com/contact/Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficialThe Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.Subscribe via Spotify: https://open.spotify.com/show/5ol62ROdF6mBfwOFqKFHmhSubscribe via Apple Podcasts: https://apple.co/483OJ9ISubscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

What risks do you take when cybersecurity is left off your development roadmap?In this episode, Christian, Trevor and guest Jim Goodmiller explore how cybersecurity intersects with regulatory expectations and quality systems, creating new challenges and opportunities for medtech innovators. Jim helps to explain why founders must integrate cybersecurity from concept through commercialization, especially as FDA scrutiny increases.Key points: 00:48 Why cybersecurity now influences every part of the regulatory landscape.04:48 How technologies can create serious safety and compliance risks when not fully vetted.10:45 Cybersecurity as a mandatory component of regulatory planning.14:52 The need for iterative penetration testing 22:16 Challenges of upgrading legacy devices25:37 Avoiding serious legal consequences.29:29 Preparing a complete roadmap for investor confidence 40:08 The role of communicationThe Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Thanks to Jim Goodmiller for being on the show. Connect with Jim on LinkedIn: https://www.linkedin.com/in/jimgoodmiller/ Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest...

Medtech innovators and medical device manufacturers, how can you prevent cybersecurity deficiencies from delaying your FDA submission?In this webinar, Christian Espinosa, CEO of Blue Goat Cyber, and Trevor Slattery, CTO of Blue Goat Cyber, reveal the most common reasons FDA cybersecurity submissions fail and how you can avoid them. They explain the importance of early risk management, security-by-design practices, and comprehensive testing aligned with NIST and AAMI frameworks. Explored in this webinar: 00:37 Why poor cybersecurity is a top reason for FDA medical device rejection.02:56 The FDA’s total product lifecycle approach.05:18 Why risk management must start before design. 07:35 How AAMI TR57 and ISO 14971 interact to assess patient harm. 10:51 The FDA requirement for traceability among functional, nonfunctional, and security requirements. 16:16 Why cybersecurity testing must cover the entire product (mobile, cloud, etc.).23:33 Why inadequate documentation for critical controls (authentication, logging, encryption) often causes FDA deficiencies.This episode was brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity...

MedTech manufacturers, how can you avoid the cybersecurity pitfalls that most often lead to FDA rejection?In this episode, Trevor puts Christian “in the hot seat” to tackle the most common—and sometimes misunderstood—cybersecurity questions MedTech innovators ask. Christian breaks down key concepts such as ISO 13485, HIPAA vs. FDA expectations, SAMD vs. SIMD, global regulatory demands, and more. Key points: (00:30) The purpose of ISO 13485 and why traceability, quality, and documentation are foundational to medical device safety.(02:34) How cybersecurity is now the most common reason FDA reviewers reject medical devices.(04:32) Why HIPAA focuses on patient data while the FDA focuses on patient safety.(07:21) Which global regulators impose the strictest cybersecurity requirements and how FDA and China differ.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast. Subscribe via Spotify:

What are the 18 required cybersecurity deliverables for a pre-market submission, and how do they map to eSTAR’s 13 sections? This episode breaks down the cybersecurity deliverables required for an FDA pre-market submission and explains why they apply consistently across all device types. Christian and Trevor walk through each deliverable in detail, outline how they map to eSTAR v6.0, and highlight common misconceptions that slow down manufacturers. Key points: (00:33) Why all devices—high-risk or low-risk—must submit the same 18 cybersecurity deliverables to the FDA.(01:41) How device complexity influences documentation depth even though the deliverables never change.(04:42) How the 18 deliverables map to the 13 sections of eSTAR version 6.0. (09:50) The risk management report, threat model, risk assessment, and SBOM requirements.(17:41) How to evaluate and categorize unresolved anomalies.(20:04) How manufacturers should track remediation timelines and vulnerability density.(23:52) The cybersecurity management plan and the extensive post-market responsibilities expected by the FDA.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern...

MedTech manufacturers, how prepared are you to monitor vulnerabilities continuously once your medical device reaches the market? Also, would you like a free checklist for your Cybersecurity Management Plan? (See link below!) This webinar dives into how medical device manufacturers should build, maintain, and document postmarket cybersecurity programs that align with FDA expectations. Christian and Trevor outline critical requirements such as continuous SBOM monitoring, testing timelines, update processes, CVD workflows, and secure communication standards. Topics explored: (03:14) How the FDA's definition of "cyber device" includes devices with Wi-Fi, Bluetooth, USB, RFID, and NFC connectivity.(05:19) Recent FDA guidance changes, including updated cybersecurity expectations.(10:30) Cybersecurity management plan personnel: compliance officer, product owner, postmarket owner, and authorizing official.(12:30) Static testing, SBOM analysis, penetration testing, and vulnerability assessments. (17:50) Security testing expectations and frequencies. (20:30) Patching, update processes, and remediation timelines. Download your free Cybersecurity Management Plan Checklist: https://bluegoatcyber.com/wp-content/uploads/2025/09/Blue-Goat-Cyber-Postmarket-Management-Checklist.pdf This episode was brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube:

In the MedTech space, how can you leverage market intelligence and machine learning for business development and sales enablement? In this episode, Christian and Trevor talk with Kevin Saem about how market intelligence and cybersecurity intersect in the MedTech space. They unpack how AI and data-driven insights are transforming sales enablement, investor confidence, and device security. They also discuss regulation delays, startup runway challenges, and the growing need for proactive cybersecurity. Kevin Saem founded Zapyrus, a SaaS platform that helps MedTech service providers supercharge sales through AI-driven market intelligence.Key points: (04:20) Why medtech lags five years behind pharma in regulation and sales sophistication.(06:30) How Zapyrus uses machine learning to identify market signals and automate sales research.(08:45) Why regulatory clarity in Europe is fueling more medtech investment than in the U.S.(12:00) How AI and connected devices are making cybersecurity a top concern for investors.(19:07) What the Illumina case and AI therapy failures reveal about industry accountability.(26:30) How medtech founders can self-regulate.(32:40) When companies should start building scalable sales systems. Thanks to Kevin Saem for being on the show. Connect with Kevin on LinkedIn: https://www.linkedin.com/in/kevin-saem/ Learn about Zapyrus, a sales system for MedTech service providers: https://welcome.zapyrus.com/ The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Feedback? Questions? Contact:

In medical device software development, why should cybersecurity be viewed as an element of product quality, not an add-on?In this episode, Christian and Trevor speak with Randy Horton of Orthogonal about the future of medical device software development. Together, they unpack how DevSecOps, quality systems, and modern engineering practices can elevate safety and speed innovation in MedTech. From the philosophy behind “move faster and break nothing” to lessons learned from real-world cybersecurity cases, this conversation reframes how medical device teams should approach software design.Randy Horton is the Chief Solutions Officer at Orthogonal, where he helps MedTech companies build better, safer, and smarter connected devices. A lifelong software innovator, Randy brings profound insight into what it takes to merge cutting-edge tech with the regulated world of healthcare.Key points: (03:00) Randy shares how discovering the first web browser set him on a lifelong path of innovation.(05:11) Why high-quality software inherently includes cybersecurity.(08:52) Why traditional engineering mindsets struggle with the flexibility of software development.(12:42) How the “move fast” culture in Silicon Valley clashes with MedTech’s demand for control and safety.(16:09) Why some manufacturers avoid updating medtech devices, and how that hurts long-term device security.(19:49) Randy predicts that born-digital MedTech companies will lead the next wave of innovation, pushing the industry to adapt faster.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Thanks to Randy Horton for being on the show. Learn more about Orthogonal: https://orthogonal.io/ Connect with Randy on LinkedIn: https://www.linkedin.com/in/randyhorton Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Trevor Slattery on LinkedIn:

What options do MedTech manufacturers have to bring older devices up to modern cybersecurity standards? Also, how does the FDA’s latest guidance change the process for updating legacy devices?In this episode, Christian and Trevor break down the evolving challenges of managing cybersecurity for MedTech legacy devices. They explain how the FDA’s recent guidance updates create new pathways for handling older devices without requiring full redesigns. Together, they explore practical steps manufacturers can take—like penetration testing and postmarket monitoring—to stay compliant and proactive about security risks.Key points: (02:13) How the FDA defines legacy devices and why updates to older equipment pose unique challenges.(03:47) Why simply replacing old devices isn’t realistic for many healthcare organizations.(05:00) How encryption standards evolve and why older devices often can’t meet modern security expectations.(06:25) The FDA’s distinction between controlled and uncontrolled risk. (09:02) The FDA’s reduced burden pathway for legacy devices.(11:07) Best practices for postmarket management plans. The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare...

How can security architecture views strengthen a medical device manufacturer’s FDA submissions?This episode/webinar dives into the four critical security architecture views required by the FDA: global system, multi-patient harm, updatability and patchability, and secure use case views. Christian Espinosa and Trevor Slattery explain how each view strengthens product security while aligning with regulatory expectations. They also share practical strategies and examples, from cloud environments to physical updates, highlighting how proper documentation and foresight can mitigate real-world risks.Highlights: (01:19) Learn why the FDA requires four specific security architecture views and how they support threat modeling.(03:10) Understand how integrating security into architecture views reflects secure coding and DevSecOps practices.(04:15) Discover how global regulators beyond the FDA use similar documentation requirements.(07:52) Explore why global system views must include both software and hardware components as well as data flows.(11:02) The distinction between global system views and multi-patient harm views. (14:36) Common vulnerabilities like hard-coded credentials that can lead to multi-patient harm.(19:18) The risks of over-the-air updates versus physical updates for medical devices.This episode was brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial The Med Device Cyber Podcast is your essential resource for...

How can AI literacy reduce patient risk in healthcare settings? In this episode, Christian Espinosa and Trevor Slattery are joined by Dr. José Acosta. Together, they unpack the promise and pitfalls of artificial intelligence in healthcare—from the accuracy gap in diagnostics to the importance of ethics, alignment, and training. The conversation explores how clinicians can harness AI safely, ensuring innovation never comes at the cost of patient trust or care quality.Dr. José Acosta is a retired Navy trauma surgeon turned AI literacy advocate. With decades of experience in medicine and leadership, he’s now helping clinicians understand AI—from how it works to how it should be used responsibly.Key points: (00:57) José’s background as a Navy trauma surgeon and his passion for AI literacy.(02:53) What “AI literacy” really means. (05:00) Why precision matters in medicine, and why 85–95% accuracy in AI models isn’t enough when lives are on the line.(11:20) A chilling example of an AI therapy app that gave a fatal recommendation. (14:16) José predicts a surge in “ambient AI scribes” and explains how they’ll reshape physician workflows. (17:53) AI’s productivity paradox—how new tools can both help and overwhelm clinicians.The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cybercriminals by visiting https://bluegoatcyber.com If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session Thanks to José Acosta for being on the show. Connect with José on LinkedIn: https://www.linkedin.com/in/joseacostasd/ Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1 Feedback? Questions? Contact: https://bluegoatcyber.com/contact/ Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/ Christian Espinosa on YouTube: a...