Explore every episode of the podcast Medical Device Cybersecurity Podcast
| Title | Pub. Date | Duration | |
|---|---|---|---|
| 3. Threat Modeling Medical Devices with Adam Shostack | 18 Feb 2025 | 00:36:22 | |
Medical Devices are getting increasingly complex. We're now dealing with interconnected medical devices with tens of inputs, dozens of connections, and a plethora of connections. How can you handle security in this context? Threat modeling is the process recommended by the FDA in which you discover vulnerabilities, respond to risks, and analyze your work. It's done in a 4-question framework:
To guide us through the intricacies of threat modeling, we have a true luminary in the field, Adam Shostack. Adam is the author of "Threat Modeling: Designing for Security" and "Threats: What Every Engineer Should Learn from Star Wars." He’s a leading expert on threat modeling, a consultant, expert witness, and game designer. With decades of experience delivering security, Adam's insights range from founding startups to nearly a decade at Microsoft. What you'll understand after listening to the episode:
Want to dive even deeper into threat modeling and medical device cybersecurity? 🔹 Stay up-to-date with the latest in medical device cybersecurity with my weekly newsletter at cyberdoctornotes.com 🔹 Explore Adam's groundbreaking work on threat modeling at shostack.org 🔹 Read Adam's latest book on Amazon Please share with a fellow medical device security pioneer! Securely yours, Cyber Doctor | |||
| 2. Securing Medical Devices from Design to Market with Jose Bohorquez & Mohamed Foustock | 11 Feb 2025 | 00:34:11 | |
Everyone knows cybersecurity in medical devices is important. But how many know how to make secure devices? Our two guests Jose Bohorquez and Mohamad Foustok are packed with experience in building medical devices and they share their best practices on how to do so. Here are my top learnings from this one: ✦ Include cybersecurity from the start in architecture - have at least one security-savvy architect to avoid major reworks ✦ Minimize third-party dependencies - each additional library increases security risk and monitoring burden ✦ Match security controls to attacker incentives - attackers operate like businesses and won't spend more than potential gains Want to become even more knowledgeable? 🔹 Get actionable advice on how to secure your medical devices every Thursday from my newsletter cyberdoctornotes.com 🔹 Find out more about Jose and Mohamed's work in medical device software development & cybersecurity at https://boldtype.com/ If you have 10 seconds to give my show a review I will be very happy! Securely yours, Cyber Doctor | |||
| 1. Why cybersecurity matters? A patient's perspective with Veronica Schmitt | 04 Feb 2025 | 00:34:37 | |
To get us started on this journey, I invited one of the most influential medical device patients in the cybersecurity space. Veronica "Vee" Schmitt is an advocate for cybersecurity in medical devices. Veronica shares her personal journey from experiencing fainting spells at 19 to becoming fascinated with the security of medical devices. Having faced this situation first hand, she understands the struggles that patients go through. Throughout this episode you'll learn about the surprising reality of being a medical device patient in cybersecurity: - Patients are scared of medical devices' cybersecurity risk fueled by the media. - Physicians are not trained on cybersecurity risk. - There are many risks to factor against benefits. Want to receive actionable advice on how to build more secure medical devices? Sign up to my newsletter at cyberdoctornotes.com Find out more about Veronica: http://www.veronicaschmitt.com/ Get involved at the biohacking village: https://www.villageb.io/ Please give my show a review! Securely yours, Cyber Doctor | |||
| 0. Hello! | 03 Feb 2025 | 00:12:24 | |
Hi Folks! This introduction episode is to present the Medical Device Cybersecurity Podcast and myself, your host, Mathieu “Cyber Doctor” Peteau. Since this episode might be the only one that focuses on me, I'll take advantage of this and your burning questions: 🔹 Timestamps: 01:02 The podcast's mission 02:59 The Importance of Medical Device Cybersecurity 06:17 Introducing the Cyber Doctor 08:05 From Cyber Narratives to Medical Devices 10:38 My Journey in Cybersecurity 11:33 Excitement for the Future Are you passionate about medical device cybersecurity and have amazing ideas on how to improve it? Let’s talk! Reach out to me at mathieu@cyberclinic.io Resources Mentioned: 💡 Weekly actionable Medical Device Security advice: cyberdoctornotes.com I can't wait to share the rest of the journey with you. In the meantime, if you could please subscribe and take a moment to leave a review, I would appreciate it very much. All the best, Your Cyber Doctor. | |||
| 11. FDA mass firing and Medical Devices with Etienne Nichols | 19 Apr 2025 | 00:34:10 | |
The FDA is undergoing massive job cuts. Whether we like it or not, this will undoubtedly change the approval landscape of medical devices. And it already has. My guest Etienne Nichols and I talk about the implications of these changes for Manufacturers and what they can do to remain competitive in this evolving landscape. Etienne Nichols is an all-around talent in Medical Devices. He started as a mechanical engineer and is now leading the community of Greenlight Guru with his podcast: the Global Medical Device Podcast. On it he welcomes guests of all fields to share their knowledge on making better devices. More ways to reach us: https://www.linkedin.com/in/mathieupeteau/ https://www.linkedin.com/in/etiennenichols/ I have a newsletter with weekly tips on improving medical device cybersecurity. You can find it here: http://cyberdoctornotes.com Episode timestamps: 00:00 FDA dismissals 01:51 About Etienne Nichols 04:09 Dismissal implications 07:28 Making better submissions 13:31 Improving Q&R 18:18 Predictions on submissions 21:12 MEDUFA 26:01 Secrecy in Medical Devices 28:48 AI for submissions 31:51 Best MDMs do this Any questions or feedback? I'm very happy to hear your thoughts: mathieu@cyberclinic.io Securely yours, Cyber Doctor | |||
| 10. A Hospital's Perspective on Cybersecurity with Christopher Frenz | 08 Apr 2025 | 00:29:45 | |
Healthcare institutions are the ones buying the medical device, ultimately. Yet, we don't often talk about their cybersecurity demands. Our guest Christopher Frenz has spent most of his career protecting hospitals from cyber attacks. And it's not an easy task. While the landscape evolves every month, medical devices often stay the same for years, if not decades. How do these challenges manifest themselves? And what can a medical device manufacturer do about them? Christopher is the author of many influential publications such as the OWASP Secure Medical Device Deployment Standard, the OWASP Anti-Ransomware Guide, and most recently the CSA Medical Device Incident Response Playbook. Join me on this reality-check conversation where we dive into the other side of the medical device. Securely yours, Cyber Doctor | |||
| 9. MDR versus AI act, GDPR, and NIS2 with Elisabetta Biasin | 01 Apr 2025 | 00:28:59 | |
Today we're tackling some of the biggest questions around the EU regulations landscape in cybersecurity of medical devices. Our guest is Elisabetta Biasin, a legal researcher specializing in cybersecurity, AI regulation, and EU laws. Elisabetta provides critical insights into the complex regulatory landscape facing medical device manufacturers implementing AI in Europe. She expertly breaks down how multiple frameworks—including the AI Act, MDR, NIS2, and GDPR—overlap and create compliance challenges, explains the specific cybersecurity requirements for AI systems under Article 15, and clarifies how data protection requirements extend beyond just personal data. With real-world examples of potential cybersecurity vulnerabilities in medical devices like pacemakers, this episode delivers essential knowledge for manufacturers navigating the evolving European regulatory environment. Want weekly actionable advice on medical device cybersecurity from yours truly? Go here -> http://cyberdoctornotes.com Elisabetta's profile: https://mastodon.social/@bisilisib@eupolicy.social https://www.linkedin.com/in/elisabetta-biasin-550a4711a/ Please share with a friend & rate the show 💚 Securely yours, Cyber Doctor | |||
| 8. Protecting the Organization with Karandeep Singh Badwal | 27 Mar 2025 | 00:30:19 | |
I think you understand how important it is to protect medical devices. But what about the organization that makes the medical device? Well, it has its own security requirements. European legislation such as NIS2 requires that MDMs maintain a certain level of security. Plus, on top of just following regulation, following basic cybersecurity practices improves the company's ability to withstand attacks and protect its intellectual property. After all, if the Technical Files are public, what's to stop someone else from copying your device? Karandeep and I go into what Manufacturers of Medical Devices should do. And cherry on top, most of these measures do not cost money, just a bit of planning. Future you will thank you for having put this work in. Receive 1 actionable tip in your inbox every week: http://cyberdoctornotes.com With a background in pharmaceutical and cosmetic science from De Montfort University, Badwal transitioned early into the medical device sector, holding key roles in regulatory affairs and quality management at companies such as Abbott and St. Jude Medical. His expertise includes ISO 13485, EU MDR, and software as a medical device (SaMD), and he shares valuable insights on LinkedIn and YouTube. Karandeep's contact: karandeep@qramedical.com https://www.linkedin.com/in/karandeepbadwal/ If you liked the episode, please consider sharing it with one friend 💚 Securely yours, Cyber Doctor | |||
| 7. Empower Threat Models with Fun with Christoph Niehoff | 20 Mar 2025 | 00:34:00 | |
There are hundreds of tasks to do before releasing a medical device. What if we could make one of them fun all while being more productive? That's the idea that our guest Christoph Niehoff expanded upon. He created a card game that encourages players to have conversations around the security of the medical device. Join us to understand the benefits of this approach, the rules of the game, and how to make it fit into your medical device organization. In this enlightening episode, we explore how gamification transforms the often tedious process of threat modeling into an engaging team exercise. Christoph shares how his innovative card game bridges communication gaps between technical and non-technical stakeholders while producing more comprehensive security assessments. Learn how this approach not only improves compliance documentation but also builds a stronger security culture within development teams. Whether you're a seasoned security professional or new to medical device development, you'll discover practical ways to implement this game-changing methodology in your own organization. Don't miss this opportunity to turn security from a checkpoint into a collaborative adventure that yields better protected medical devices and more engaged teams. | |||
| 6. Dealing with Unpatchable Devices with Matthew Webster | 11 Mar 2025 | 00:31:15 | |
Medical Devices need patching. Whether it's for functionality or security, devices must be able to be updated remotely. But what about those devices that you cannot patch? What are some things manufacturers can do to still ensure security? In this episode with guest Matthew Webster, we deep dive into cybersecurity of medical devices keeping in mind the perspective of hospitals. Here are links to check out: Connect with me: https://linkedin.com/in/mathieupeteau Please consider sharing this with a medical device colleague 💚 Securely yours, Cyber Doctor | |||
| 5. Use GxP for More Secure Devices | 04 Mar 2025 | 00:30:08 | |
Why reinvent the wheel? Industry-leading experts have already paved the way for medical device security. By following established good practices, you can ensure the safety and integrity of your devices without unnecessary complexity. My guest, Marina Daineko, is a medical device industry expert, specializing in regulatory compliance and quality management. She helps manufacturers ensure patient safety and deliver high-quality products in a rapidly evolving healthcare landscape. Actionable medical device tips: https://cyberdoctornotes.com Marina's LinkedIn: https://www.linkedin.com/in/marinadaineko/ | |||
| 4. What CISA Expects from You with Jacob Barkai | 25 Feb 2025 | 00:28:25 | |
CISA and the FBI have released a report guiding Medical Device Manufacturers on how to code their devices securely. So, what can you do about it? Efforts to improve the security aspects of these languages are already underway. However, they may not offer a complete solution. And while transitioning to newer languages like Rust is an option, it might render existing C/C++ libraries incompatible. What’s the answer? This episode solves the puzzle—and here's a spoiler: it involves strategic planning. With the first deadline set for January 2026 and final submissions scheduled by 2030, these guidelines are set to bring about significant changes. My guest, Jacob Barkai, has over a decade of experience in application development and just as much expertise in tackling security challenges. If you like this episode, please share it with a friend 💚 Securely yours, Cyber Doctor | |||