    Episode 18 · January 30, 2025 · 40m listen · 4,381 words · ~22 min read

    FDA AI Guidance Explained: What It Means for Medical Device Cybersecurity | Ep. 9 - Full Transcript | The Med Device Cyber Podcast

    Read the complete, searchable transcript of Episode 18 of The Med Device Cyber Podcast - expert conversations on medical device cybersecurity, FDA premarket and postmarket guidance, SBOM management, threat modeling, and penetration testing.


    Episode summary

In this episode of The Med Device Cyber Podcast, hosts Christian Espinosa and Trevor Slattery of Blue Goat Cyber delve into the critical and timely topic of Artificial Intelligence (AI) in medical devices. They explore the unique cybersecurity risks that AI introduces into the healthcare technology landscape, offering insights for medical device manufacturers. The discussion begins with a brief look at the history of AI, tracing its roots back to early applications like Microsoft's 'Clippy' from 1997, to illustrate that AI concepts have been evolving for decades. The hosts clarify the distinction between the broader field of Artificial Intelligence, which aims to replicate human intelligence, and Machine Learning (ML), a subset where systems are trained on data to perform specific tasks and improve over time. This foundational understanding sets the stage for a deeper analysis of the vulnerabilities inherent in AI-driven systems.

The core of the conversation revolves around the new attack vectors and risks specific to AI models. Espinosa and Slattery break down several key threats, including 'data poisoning,' where malicious actors intentionally feed a model corrupt or misleading data to compromise its integrity, a concept they summarize with the classic programming axiom, "garbage in, garbage out." They also discuss 'model inversion,' an attack that attempts to reverse-engineer the AI model to extract confidential information from its training data, such as Protected Health Information (PHI). Another significant concern is 'model bias,' where an AI develops skewed or inaccurate outputs because its training data was not sufficiently diverse. For example, an AI trained primarily on images of one type of tumor may fail to correctly identify others, leading to dangerous misdiagnoses. The hosts also touch upon 'performance drift,' a phenomenon where a model's accuracy degrades over time as new, real-world data deviates from its original training set.

Throughout the discussion, the hosts provide actionable guidance for medical device manufacturers to mitigate these risks. They emphasize the principle of implementing 'security early and often' by integrating cybersecurity considerations into the very beginning of the product development lifecycle, rather than as an afterthought. Key recommendations include meticulously curating and labeling diverse training datasets to avoid model bias, establishing a solid performance baseline for the AI, and conducting continuous post-market monitoring to detect performance drift and other anomalies. They also highlight the importance of creating 'guardrails' for the AI, such as programming it to state "I don't know" when faced with data outside its expertise, to prevent it from making confident but incorrect guesses (hallucinations). This approach aligns with recent FDA guidance and underscores the necessity of a comprehensive, lifecycle-based strategy to ensure the safety, effectiveness, and security of AI-enabled medical devices.

    Key takeaways from this episode

    • Artificial Intelligence (AI) and Machine Learning (ML) are not the same; ML is a subset of AI where a model learns and improves from a training dataset to perform a specific task.
    • The integrity of an AI model is heavily dependent on the quality of its training data; biased or incomplete data can lead to 'model bias,' resulting in inaccurate and potentially harmful outputs.
    • AI-enabled medical devices are susceptible to unique cyberattacks, including 'data poisoning' (corrupting training data) and 'model inversion' (extracting sensitive data from the model).
    • AI models can experience 'performance drift' over time, where their accuracy degrades as they encounter real-world data that differs from their original training set, necessitating continuous post-market monitoring.
    • A fundamental principle for manufacturers is to integrate cybersecurity 'early and often,' making it a core part of the design and requirements phase, not a late-stage addition.
    • To mitigate risks, AI models should be trained on diverse and accurately labeled datasets and have 'guardrails' to prevent them from making confident guesses on unfamiliar data.
    • The history of consumer-facing AI dates back further than many realize, with examples like Microsoft's 'Clippy' assistant emerging in the late 1990s.
    • Confidentiality is a major concern, as attackers can attempt to reverse-engineer AI models to access the underlying training data, which may include proprietary information or PHI.

    Full episode transcript

Christian: Hi, welcome back to the Med Device Cyber podcast. Today we're going to be talking about an important topic: AI, specifically AI medical devices and some of the risk that AI introduces. We'll also be talking a little bit about the history of AI. We'll go back to 1997 when AI first came out. A lot of people don't realize it. And we'll talk about what manufacturers can do to help secure their devices that have AI in them, and we'll also talk a little bit about some of the attacks on AI and some of the guidance on AI. So, I'm your host Christian Espinosa. I'm here with Trevor Slattery. How's it going today, Trevor?

Trevor: It's going pretty well. How are you doing today?

Christian: You know, I did bookkeeping last night. I watched a little bit of our last episode and I had nightmares about bookkeeping, but I did it last night and did not have nightmares. But I took, um, some magnesium before I went to bed and I think it helps me sleep better.

Trevor: Yep. Yeah, do you have that, what's that powder called? It's Calm or something like that?

Christian: You know, I used to take Calm, the, the gummies, but they stopped selling the gummies. I used to get them at Whole Foods. I don't like the powder.

Trevor: Oh, they sell them at the Whole Foods here.

Christian: The gummies?

Trevor: Yeah.

Christian: Okay. I should check, check again. I thought they'd stopped making it with the gummies.

Trevor: Yeah, I guess you got to check it out.

Christian: Yeah, I've been trying to balance my energy. So like, in the morning, I have like coffee with, uh, brain octane oil, just like MCT oil. And then if I have the right kind of nitro cold brew around 1 p.m., uh, I, I, I have energy the whole day. But then I'm like a little bit wired, so I have to take magnesium to go to sleep. But, uh, if I have the wrong kind of cold brew, like the only certain brands I can drink, if I have the wrong one, I get super irritable the rest of the day. So it's like this, this balancing act, you know?

Trevor: Huh. What's the right brand?

Christian: Uh, it's a Modern, Modern Times in San Diego. They only have it at Whole Foods. I tried to order it on Amazon, but they don't have it on Amazon. And every time I go to Whole Foods, they're like out of it. So I, I, if I, if they have it, I buy like every one of them they have.

Trevor: There you go. Yeah, I've been getting these yerba mates at Whole Foods. They're, it's, I think it's Peruvian or Brazilian or something like that, but super strong tea and, uh, I can't have any after like 9:00 AM or I won't sleep at night, but hey, it works great in the day.

Christian: Oh awesome. Well, I guess we're caffeinated and, and wired so we can start the podcast talking about AI. So, let's, let's kind of start at the beginning and define what AI is. I think there's a lot of ambiguity and confusion about AI, like what it is and how it relates to ML or machine learning. Uh, do you want to like explain AI to our listeners, Trevor?

Trevor: Yeah, I think that AI and machine learning are used interchangeably incorrectly. Um, they are similar and connected, but they're not the same. So AI, artificial intelligence, is exactly that. It's something that is trying to replicate human intelligence and human behavior, human process. Um, machine learning is essentially trying to get a computer to train itself to perform a specific task. So, machine learning is effectively a type of AI, but not all AI is machine learning, if that makes sense.

Christian: Yeah, that makes sense. And I know we did a little prep for the podcast and you mentioned Clippy as one of the first AIs and we, we confirmed that. And I, I looked it up and Clippy was manufactured or I guess created by Microsoft in 1996 and came out with Office 97. So it's been almost 30 years. Do you, do you remember Clippy or did you ever use Clippy? You seem to know a lot about Clippy, but I don't know if you used it before.

Trevor: I caught the tail end of Clippy back in, uh, I guess that was Windows Vista. And that was kind of right when they sunsetted Clippy.

Christian: Yeah, so Clippy was that, that paper clip that if you're trying to do something, it would like pop up on your screen, right, and tell you like, "Hey, it looks like you're trying to do this, how can we help you?"