
Reviewed by Christian Espinosa, MBA, CISSP · Founder & CEO
Published September 2025 · Last reviewed May 2026
The Med Device Cyber Podcast · with Karandeep Singh Badwal · September 30, 2025

In this episode of The Med Device Cyber Podcast, hosts Christian Espinosa and Trevor Slatterie talk with Karandeep Singh Badwal, founder of QR Medical and host of The MedTech Podcast, about the crucial balance between innovation and regulation in the medical device industry. They discuss common challenges faced by companies developing software and AI-driven medical devices, particularly regarding design controls, cybersecurity, and the often-overlooked aspect of data validation in AI models. Karandeep highlights the importance of adopting a quality management system (QMS) early in the development cycle, even a partial one, to avoid costly retrospective fixes. The conversation delves into the dated nature of IEC 62304 and the critical distinction between software verification and validation. The speakers emphasize that success in the MedTech space requires a mindset shift: viewing a product as a medical device that *happens* to have software, rather than a software product that *happens* to be a medical device. They also explore the high failure rate of MedTech startups, attributing it to factors beyond regulatory hurdles alone, such as market research, reimbursement strategies, and the prohibitive costs of development. The episode concludes with actionable advice for innovators: conduct thorough market research, understand regulatory pathways like 510(k), and integrate quality and cybersecurity from the outset to avoid pitfalls and ensure product safety and market viability.
Key Takeaways
- Companies developing software and AI-driven medical devices often struggle with a lack of proper design controls and cybersecurity considerations early in the development process.
- The industry needs to shift its mindset from being a software company that happens to be a medical device company to being a medical device company that happens to use software.
- While standards like IEC 62304 provide a foundational framework for secure software development, they are dated and do not fully address the complexities of modern AI and standalone software medical devices, especially regarding validation.
- Implementing a quality management system and considering regulatory requirements and cybersecurity from the initial stages of product development is more cost-effective and efficient than trying to retroactively fix issues.
- A significant factor in the high failure rate of MedTech startups is not just regulatory hurdles, but also a lack of thorough market research, clear reimbursement strategies, and understanding the practical adoption challenges within healthcare systems.
- Quality and regulatory processes should be viewed not as stifling innovation, but as providing a necessary framework to develop safe and effective medical devices.
Listen on mdcpodcast.com · Watch on YouTube
Want help applying this to your own device program?
Blue Goat Cyber is a specialist medical device cybersecurity firm: 250+ FDA submissions, zero rejections. If anything in this conversation hit close to home, book a 30-minute strategy session - no cost, no obligation.
