Deep dives on FDA expectations, threat modeling, penetration testing, SDLC, and the standards your team is being asked to meet.
Showing 12 of 360 articles · Page 1 of 30
In this episode of The Med Device Cyber Podcast, host Christian Espinosa and guest Michael Branagan Harris of HealthTech Strategies delve into the intricate world of market access for medical devices, emphasizing that regulatory approval is merely the first step. Michael, with 37
Read article
In this interview, Brent Lavin of Ironwood MedTech Partners, discusses de-risking product decisions for MedTech startups, especially when it comes to medical device cybersecurity and regulatory compliance. He emphasizes the importance of deeply understanding customer needs and th
Read article
This episode of The Med Device Cyber Podcast features Varun Turlapati of Chaanakya Capital, offering an investor’s perspective on the MedTech landscape, particularly in neurotechnology. Turlapati emphasizes the critical importance of foundational science and technology in early-s
Read article
In this essential episode of The Med Device Cyber Podcast, hosts Trevor Slattery and Christian Espinosa, joined by special guest Jake Rodriguez of Triangle Tech, delve into the burgeoning role of AI in medical device cybersecurity, marketing, and software development. The discuss
Read article
This episode of The Med Device Cyber Podcast features Rob Bedford, CEO of Franklyn Health, discussing the critical role of Contract Research Organizations (CROs) in medical device development. The conversation highlights the unique challenges faced by small MedTech startups, espe
Read article
FDA clearance is the beginning of your cybersecurity obligations, not the finish line. Postmarket cybersecurity for medical devices is an active, continuous requirement that most manufacturers underestimate until a problem forces their hand. Most invest significant resources building premarket docum
Read article
When penetration test reports are vague, incomplete, or written to enterprise IT standards rather than medical device requirements, FDA reviewers issue deficiencies that can delay clearance, sometimes requiring a full re-test before you can respond. If you're selecting a provider for medical device
Read article
Receiving an FDA cybersecurity Additional Information Request (AIR) doesn't mean your submission is dead. It means the clock is ticking, and the next move has to be precise. FDA issues these requests when reviewers find specific, documented gaps in your cybersecurity package, and they expect every g
Read article
Here's a pattern Blue Goat Cyber sees regularly: a medical device manufacturer arrives at premarket submission with an ISO 27001 certificate in hand, convinced their cybersecurity story is complete. Weeks later, a deficiency letter arrives. The FDA isn't questioning their information security postur
Read article
If you're asking how to conduct a cybersecurity threat model for a connected or implantable medical device, the first thing to understand is that this is not the same exercise as modeling a web application or enterprise network. The stakes are categorically different. A missed attack vector on a hos
Read article
Connected medical devices are no longer a niche security concern. They are active targets, and regulators know it. The FDA's 2026 cybersecurity guidance makes clear that a spreadsheet of generic risks is insufficient for premarket submissions. Manufacturers need a structured method for deco
Read article
Understanding what causes the FDA to issue a cybersecurity deficiency for medical devices starts with one uncomfortable truth: most deficiencies have nothing to do with a bad device. The device might be perfectly secure. The submission just didn't prove it. FDA reviewers work from documentation, not
Read article30-minute strategy session. No cost, no commitment - just answers from people who've shipped 250+ submissions.
