Employee spotlight: Jordan John, Director of Regulatory, Security & QA
We're proud to recognize Jordan John, who manages global regulatory compliance activities and authors robust FDA cybersecurity submissions for cutting-edge medical device technologies. With more than a decade of leadership in Regulatory Affairs & QA at innovative startups and multinational medical device companies, Jordan brings deep knowledge in navigating complex regulatory landscapes. He has co-developed two postgraduate Regulatory Affairs programs and served as Professor for multiple courses in Regulatory Affairs and Cybersecurity Compliance. Jordan: "I am so honored to work with such an excellent team at Blue Goat Cyber, where our shared mission is to protect patients and support innovation in healthcare."
Industry pulse: FDA's new Elsa AI tool
The FDA's new agency-wide AI tool, Elsa - launched earlier this summer - is poised to revolutionize medical device oversight by accelerating regulatory reviews, enhancing transparency, and strengthening postmarket monitoring. Elsa accelerates clinical protocol reviews, shortens scientific evaluations, identifies high-priority inspection targets, performs faster label comparisons, summarizes adverse events, and even generates code to support nonclinical database development. Jordan John: "The FDA's new Elsa AI tool marks a turning point for MedTech regulatory governance - the agency can more rapidly identify emerging risks, including cybersecurity vulnerabilities in devices, while ensuring stricter compliance."
Innovator spotlight: Vena Medical
Stroke remains one of the world's most devastating health crises - taking more than 3 million lives every year and affecting over 7.8 million U.S. adults in 2025 - yet up to 80% of cases could be prevented with better diagnostics and timely interventions. Vena Medical is addressing this with the Vena MicroAngioscope - the first device to deliver full-color, real-time visualization directly inside veins and arteries, enabling physicians to precisely navigate complex vascular anatomy, rapidly detect clots, and achieve superior neurovascular outcomes. Its recent FDA Breakthrough Device designation highlights both clinical potential and an accelerated path to market.
Cyber threat of the month: ~200K vulnerable IoT-enabled medical devices
Nearly 200,000 IoT-enabled medical devices were found to be vulnerable due to misconfigurations such as default passwords and open internet connectivity, leaving hospitals and clinics exposed to remote hijacking - with risks ranging from tampered patient data to disruptions in critical care. Reported around September 5–9 by HHS through its Office for Civil Rights, this threat underscores the need for vigilance. Clinicians, IT teams, and device manufacturers must monitor for unpatched firmware and unsecured network ports, and adopt Zero Trust architectures and regular audits as recommended by the FDA.
Blue Goat Cyber in action
- October 1: Christian Espinosa speaks at MedTech World Singapore - a one-day forum co-hosted with KPMG, designed as a strategic market-entry platform connecting hospital executives, policymakers, service providers, and innovators from across ASEAN and India.
- October 5–8: AdvaMed's MedTech Conference in San Diego - Booth 231.
- October 15–16: Sponsoring DeviceTalks West in Santa Clara - Booth 205.
- November 12–14: Christian Espinosa speaks at MedTech Malta 2025 in Valletta - Booth G005.
Ask the Goat: third-party components
Q: Many MedTech innovators design for performance and compliance - but what's the biggest cybersecurity blind spot in medical device development that could still put patients at risk?
A (The Goat): The danger usually isn't in your code - it's in the third-party components you didn't build. Most devices rely on open-source libraries or vendor modules, but without a complete SBOM, you have no idea what vulnerabilities are lurking inside. If even one of those components is exploited, your device - and your patients - are exposed. You can't patch what you don't know exists.
