
    AI in Medical Devices: Opportunities & Regulation with Matt Lemay | Ep. 22

    Christian Espinosa, Founder & CEO

    Reviewed by Christian Espinosa, MBA, CISSP · Founder & CEO

    Published July 2025 · Last reviewed May 2026

    The Med Device Cyber Podcast · with Matt Lemay · July 1, 2025

    This episode of The Med Device Cyber Podcast features Matt Lemay, CEO of Lemay.ai, discussing the critical intersection of AI in medical devices and regulatory compliance. The conversation delves into the challenges and opportunities for MedTech manufacturers in adopting AI, emphasizing the often-overlooked aspects of data governance, security, and long-term viability. A key focus is placed on ISO 42001, highlighting its emergence as a certifiable standard for AI management systems and its potential to integrate with existing medical device oversight frameworks. Lemay stresses the importance of considering the intended purpose of AI in medical devices, as it directly impacts certification needs and regulatory strategies.

    The discussion also covers significant cybersecurity risks, such as improper training data, data sovereignty issues, and the lack of robust version control for cloud-based AI models. The episode further explores the complex question of liability when AI is involved in diagnostic or treatment decisions, drawing parallels with professional engineering certifications and accountability structures. This podcast is a must-listen for product security teams, regulatory leads, and engineers navigating the evolving landscape of AI in medical devices, offering practical insights into secure AI development and deployment.

    Key Takeaways

    • ISO 42001 is emerging as a certifiable standard for Artificial Intelligence management systems, offering a new pathway for external verification of AI used in medical devices.
    • The purpose of Artificial Intelligence within a medical device significantly influences the necessary certification and regulatory strategy, distinguishing between exploratory data science and diagnostic decision-making.
    • Critical cybersecurity risks for Artificial Intelligence in medical devices include improper training data, data sovereignty concerns, and the lack of robust version control for cloud-based models that can lead to performance degradation.
    • Establishing clear liability for Artificial Intelligence-driven medical decisions is complex, necessitating frameworks akin to professional engineering certifications where an individual is accountable for the design and deployment of intelligent agents.
    • When designing Artificial Intelligence for medical devices, it is crucial to consider the deployment environment from the outset, including whether the AI will run on a wearable, smartphone, or in the cloud, to ensure performance and address latency and connectivity challenges.
    • To ensure long-term viability and maintain performance, complex Artificial Intelligence models can be converted into simpler math-based representations like polynomials, significantly reducing computational requirements and making them suitable for low-power microcontrollers.

    Listen on mdcpodcast.com · Watch on YouTube



    Want help applying this to your own device program?

    Blue Goat Cyber is a specialist medical device cybersecurity firm: 250+ FDA submissions, zero rejections. If anything in this conversation hit close to home, book a 30-minute strategy session - no cost, no obligation.
