EPISODE · May 23, 2025 · 27 MIN
LTR 107: A 3-step approach to developing secure medical devices
from Let's Talk Risk! with Dr. Naveen Agarwal · host Where MedTech professionals gain clarity and confidence to navigate complex decisions.
Summary

“Cybersecurity is not something you want to try to just throw in at the last minute. Apply a security-by-design approach to incorporate security thinking and process from the earliest stages.”

In this Let’s Talk Risk! conversation, host Naveen Agarwal engages with Jose Bohorquez to discuss the critical intersection of software development, cybersecurity, and risk management in the medical device industry. They explore the importance of mentorship, the challenges faced by startups, and the necessity of integrating cybersecurity from the earliest stages of product development. The conversation emphasizes the need for collaboration and knowledge sharing to navigate the complexities of regulatory requirements and ensure the safety and effectiveness of medical devices.

Listen to the full 30-minute podcast or jump to a section of interest listed below.

Chapters

00:11 Introducing Jose Bohorquez
01:18 The Importance of Mentorship in Digital Health
02:13 Challenges Faced by Startups in Medical Device Software
03:45 Cybersecurity Issues in Medical Devices
05:32 Three-Stage Development Model for Software and Cybersecurity
09:00 Understanding Knowledge Gaps in Cybersecurity
10:31 Best Practices for Secure by Design Approach
14:12 Integrating Safety and Cybersecurity Risk Management
17:35 Collaborating for Integrated Risk Management
20:09 The Interconnection of Cybersecurity and Safety Risks
22:03 Testing for Effectiveness of Security Controls
24:00 Announcements, Key Takeaways and Closing Comments

If you enjoyed this podcast, consider subscribing to the Let’s Talk Risk! newsletter.

Suggested links:

* LTR: Medical device cybersecurity now more critical than ever.
* LTR: It’s time to up our game on medical device cybersecurity.
* ACHIEVE: Post-market surveillance workshop.

Key Takeaways

* Mentorship is crucial for learning from others' experiences.
* Startups often struggle with regulatory requirements in medical devices.
* Cybersecurity must be integrated early in the development process.
* A three-stage development model helps organize software and cybersecurity efforts.
* Knowledge gaps in cybersecurity can lead to significant risks.
* Secure by design principles are essential for effective risk management.
* Collaboration between teams is vital for successful product development.
* Verification and testing are critical components of cybersecurity.
* Understanding vulnerabilities is key to managing risks effectively.
* The longer you wait to address cybersecurity, the more difficult it becomes.

Keywords

Risk management, cybersecurity, software bill of materials, software development, medical devices, digital health, mentorship, secure by design, product lifecycle, collaboration, verification

About Jose Bohorquez, Ph.D.

Jose Bohorquez is the President of CyberMed, where he provides Cybersecurity consulting, penetration and fuzz testing, and FDA documentation for Medical Device Manufacturers. He also serves as President at Bold Type, specializing in medical device software development. He holds a Ph.D. in Electrical Engineering and Computer Science from MIT, and an MS in Electrical Engineering from University of Florida. In addition to his professional activities, he mentors Digital Health startups at Endless Frontier Labs, a 9-month program at NYU Stern School of Business.

Let’s Talk Risk! with Dr. Naveen Agarwal is a weekly live audio event on LinkedIn, where we talk about risk management related topics in a casual, informal way. Join us at 11:00 am EST every Friday on LinkedIn.

Disclaimer

Information and insights presented in this podcast are for educational purposes only, and not as legal advice. Views expressed by all speakers are their own and do not reflect those of their respective organizations.

Parts of this article were created using AI-generated content, which was subsequently reviewed, edited, and fact-checked by the author to ensure accuracy and alignment with our standards.

This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit naveenagarwalphd.substack.com/subscribe