How can medical device companies own their data without compromising security?
In this episode, Kevin Derr from NeuronSphere joins Christian and Trevor to dive into the intersection of cybersecurity, compliance, and innovation in the MedTech world. They also explore why data ownership and secure system architecture are foundational for FDA compliance and patient safety.
Key points:
(0:47) From Big MedTech to Startup
-
Kevin shares his journey from Stryker and J&J to co-founding NeuronSphere, which was built to simplify the creation of compliant data products for MedTech engineers.
-
NeuronSphere is like a toolkit allows companies to retain full data ownership while meeting FDA and cybersecurity requirements.
(5:21) Ownership, Trust, and Compliance
-
Vendor solutions often fall short during V&V, triggering costly compliance upgrades.
-
NeuronSphere keeps ownership and compliance within the manufacturer's own infrastructure.
(11:12) Misconfigurations and Human Error
-
Misconfigured S3 buckets and default credentials are common sources of breaches.
-
Even the FBI and CIA have faced major data exposures from simple mistakes.
-
Human error remains the biggest vulnerability.
(17:00) Balancing Security and Functionality
-
FDA’s focus is patient safety and effectiveness, not just data protection.
-
Secure coding is often deprioritized due to deadlines and lack of training.
(33:21) FDA Guidance
-
The new FDA cybersecurity guidance is moving security discussions earlier in the development lifecycle.
-
Startups are now forced to consider data flow and security posture before first-in-human trials.
Thanks to Kevin Derr for being on the show. Connect with Kevin on LinkedIn: https://www.linkedin.com/in/kevinderr/
Learn about NeuronSphere: https://www.neuronsphere.io/
The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity professionals specializing in providing elite cyber solutions for medical devices. Learn more about securing your product and business from cyber-criminals by visiting https://bluegoatcyber.com
If you’re interested in our services or partnering with us, schedule a Discovery Session: https://meetings.hubspot.com/blue-goat-cyber/discovery-session
Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Technology Officer / Director of MedTech Cybersecurity at Blue Goat Cyber.
Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/
Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/
Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/
Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/
Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber
Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9
Feedback? Questions? Contact: https://bluegoatcyber.com/contact/
Learn more about Christian Espinosa, buy his books, or invite him to speak on your stage: https://christianespinosa.com/
Christian Espinosa on YouTube: http://www.youtube.com/@ChristianEspinosaOfficial
The Med Device Cyber Podcast is your essential resource for medical device cybersecurity. Each episode we dive into the latest threats, solutions, and best practices to protect modern healthcare technology. Whether you're a provider, a manufacturer, or a cybersecurity professional, gain the knowledge to safeguard patient safety by subscribing to the Med Device Cyber Podcast.
Subscribe via Spotify: https://spoti.fi/3XX95g0
Subscribe via Apple Podcasts: https://apple.co/483OJ9I
Subscribe via YouTube: https://www.youtube.com/@BlueGoatCyber/podcasts