
Reviewed by Christian Espinosa, MBA, CISSP · Founder & CEO
Published September 2025 · Last reviewed May 2026
The Med Device Cyber Podcast · with May Lee · September 30, 2025
In this episode of The Med Device Cyber Podcast, hosts Trevor Slatterie and Christian Espinosa, joined by May Lee from CS Life Sciences, delve into the evolving landscape of cybersecurity in MedTech. The discussion highlights the critical shift towards integrating security into the design phase of medical devices, rather than as a post-launch consideration. May Lee, with her expertise in AI and machine learning, elucidates the unique regulatory challenges posed by AI integration in medical devices, emphasizing the need for robust data privacy and security measures from conception. The episode also provides a comparative analysis of the FDA's cybersecurity guidance and the EU MDR, noting the FDA's prescriptive clarity versus the EU's more generic, standard-reliant approach. A significant portion of the conversation is dedicated to the emerging threat of quantum computing to health data, exploring concepts like 'harvest now, decrypt later' and the future of quantum-safe encryption. The experts underscore the importance of a comprehensive total product lifecycle approach, including third-party risk management and supply chain security, to navigate the complexities of global medical device regulations.
Key Takeaways
- Medical device cybersecurity is shifting from a post-launch concern to a secure-by-design imperative, integrating security requirements into the initial design control.
- The FDA's cybersecurity guidance is often more prescriptive and clearer than the EU MDR, which relies on broader standards like IEC 62304.
- Quantum computing poses a significant future threat to healthcare data security, necessitating a proactive approach to quantum-safe encryption and secure environments.
- A pragmatic, risk-based approach to security and compliance is crucial, focusing on essential requirements rather than over-compliance, to facilitate timely market entry.
- Engaging regulatory and technical consultants as early as the ideation or feasibility stage is critical for developing a cost-effective roadmap, navigating complex regulations, and accelerating time to market.
- Total product lifecycle security requires comprehensive third-party risk management, extending beyond software bills of materials to include hardware components and supply chain integrity.
