Key takeaways
- Integrate cybersecurity into the software development lifecycle from the outset, adopting a DevSecOps approach.
- High-quality medical device software inherently includes robust cybersecurity measures to ensure patient safety.
- The medical device industry must adapt its traditional engineering mindset to embrace the digital flexibility and continuous updates required for secure software, moving from physical constraints to digital malleability.
- Implement robust update mechanisms in medical devices for crucial security patches and ongoing improvements, aligning with the FDA's recommendations.
- Recognize that regulatory compliance is a baseline; market competitiveness will increasingly drive the adoption of secure and continuously updated software in MedTech.
- Embrace uncertainty and manage risk associated with the digital flexibility of modern medical devices instead of attempting to fully lock down devices post-release.
- Medical device cybersecurity is a fundamental component of product quality, directly impacting patient safety and organizational integrity.
In medical device software development, why should cybersecurity be viewed as an element of product quality, not an add-on?
In this episode, Christian and Trevor speak with Randy Horton of Orthogonal about the future of medical device software development. Together, they unpack how DevSecOps, quality systems, and modern engineering practices can elevate safety and speed innovation in MedTech. From the philosophy behind “move faster and break nothing” to lessons learned from real-world cybersecurity cases, this conversation reframes how medical device teams should approach software design.
Randy Horton is the Chief Solutions Officer at Orthogonal, where he helps MedTech companies build better, safer, and smarter connected devices. A lifelong software innovator, Randy brings profound insight into what it takes to merge cutting-edge tech with the regulated world of healthcare.
Key points:
(03:00) Randy shares how discovering the first web browser set him on a lifelong path of innovation.
(05:11) Why high-quality software inherently includes cybersecurity.
(08:52) Why traditional engineering mindsets struggle with the flexibility of software development.
(12:42) How the “move fast” culture in Silicon Valley clashes with MedTech’s demand for control and safety.
(16:09) Why some manufacturers avoid updating MedTech devices, and how that hurts long-term device security.
(19:49) Randy predicts that born-digital MedTech companies will lead the next wave of innovation, pushing the industry to adapt faster.
Notable quotes
“Cybersecurity must be integrated into the software development lifecycle from the outset, adopting a 'DevSecOps' approach rather than being an afterthought.”
“The medical device industry must transition from its traditional physically constrained engineering mindset to embrace the digital malleability of software, allowing for continuous updates to address cybersecurity.”
“Quality software inherently includes cybersecurity; a medical device that can be hacked and harm a patient is not a quality product.”
“Implementing robust update mechanisms in medical devices, as recommended by the FDA, is crucial for deploying security patches and receiving ongoing improvements.”