    Episode 50 · December 9, 2025 · 43m listen · 7,566 words · ~38 min read

    How Cybersecurity Shapes Regulatory and Quality Success with Jim Goodmiller | Ep. 49 - Full Transcript | The Med Device Cyber Podcast

    Read the complete, searchable transcript of Episode 50 of The Med Device Cyber Podcast - expert conversations on medical device cybersecurity, FDA premarket and postmarket guidance, SBOM management, threat modeling, and penetration testing.

    Episode summary

    In this episode of The Med Device Cyber Podcast, host Christian Torres and Trevor sat down with Jim Goodmiller from Bio Bridges to discuss the critical intersection of cybersecurity with regulatory and quality success in the medical device industry. Jim Goodmiller, with a unique background blending IT and life sciences, shared insights from his 30 years in consulting, emphasizing Bio Bridges' mission to guide companies from concept to commercialization. The conversation delved into the evolving landscape of medical device cybersecurity, highlighting the FDA's increasing scrutiny and the transition from vague guidelines to clear mandates for cybersecurity plans. They addressed the challenges faced by innovators and CEOs who often prioritize reimbursement and clinical trials over cybersecurity, leading to significant delays and costs if not addressed early. The discussion covered the pitfalls of neglecting cybersecurity in the product development roadmap, the impossibility of achieving perfect security, and the need for continuous iterative testing, such as penetration testing, throughout the device lifecycle. The episode also touched upon the complexities of managing cybersecurity for legacy devices in hospitals and the impact of recent high-profile cases, like the Illumina lawsuit and ransomware attacks, on industry awareness and regulatory enforcement. This episode is a must-listen for product security teams, regulatory leads, and engineers navigating the intricate world of medical device development.

    Key takeaways from this episode

    • Cybersecurity must be integrated into medical device development from the concept phase, not as an afterthought, to avoid costly delays and regulatory setbacks.
    • The FDA is increasingly stringent, requiring clear cybersecurity plans and roadmaps for product commercialization.
    • Achieving perfect security in medical devices is unrealistic; manufacturers should expect and plan for vulnerabilities, addressing them through continuous, iterative testing.
    • Legacy medical devices pose significant cybersecurity challenges, requiring a focused, incremental approach to bring them to modern standards.
    • High-profile incidents such as the Illumina lawsuit and ransomware attacks underscore the severe consequences of cybersecurity negligence, including financial penalties and patient harm.

    Full episode transcript

    Hello and welcome back to the Med Device Cyber Podcast. We have a very special guest today, Jim Goodmiller from over at Bio Bridges. Today, what we're going to be talking about is cybersecurity and how it blends into regulatory and quality. I'll check in with you first, Jim, how are you doing today? Great, Trevor. Thanks for having me, guys. Excited to be here today. Awesome. Well, like I said, we're going to go into some cool stuff as far as cybersecurity and how it ties into regulatory, how it ties into quality. I know, Jim, that's a little bit more of your space on that side of things with Bio Bridges. So why don't you tell us a little bit about yourself and a little bit about Bio Bridges on that front? Sure, happy to. I'm Jim Goodmiller, based here in the Chicago area. I've been in the consulting industry for the past 30 years. I've had a split personality where about 60% of my career has been focused on IT technology, with about 40% in life sciences. I've kind of bounced around and seemed to go between the two based on what's going on in the world. Most recently, for the last decade, it's been focused more towards the life sciences industry, and I've been working with lots of customers of all sizes, helping them kind of navigate all of the challenges and all of the adventures that are known in our industry. That's a little bit about me. As for Bio Bridges, Bio Bridges has been around for over 20 years. Our headquarters is based in Raleigh, North Carolina. We really like to say that we work with companies to try to help them through their whole process from concept to commercialization by bringing in the right strategic consulting solutions, the right resources to help them accomplish their objectives. Often, this is on a fractional basis because many times that's where our clients need us to kind of plug in. We tend to be the organization that comes in, does some work, and then gets out. So that's kind of our approach.
I think it's interesting you said a split kind of personality. I don't know the term we use, but you have a little bit of an IT background and a life sciences background. There are not a lot of people in life sciences from my experience that have an IT background. Yeah, it's really interesting. When I look at the way the world has evolved, I would have never thought back in the early 90s that technology coupled with life sciences would be as prevalent as it is today. But certainly, we're seeing that more and more each and every day. I don't know if you guys have ever heard, there's this product out there called AI. Obviously, we're seeing tremendous changes take place with AI, and within life sciences, clearly, there are some incredible advantages that AI will capitalize on and help. So yeah, it's kind of an interesting approach when I start looking at how my world has kind of gone full circle. It definitely is helping in today's market. Yeah, Trevor and I have been talking about AI quite a bit, and I think when you're just talking about AI, there was a movie by Steven Spielberg, I think, called AI that came out a really long time ago, actually. Is it relevant to today? Would I put it on and feel like I'm watching a history play? It is relevant to today. From what I recall, it's about an AI, kind of a human-like person that somebody falls in love with. There are a lot of stories like that. That sounds more like it, yes. There are quite a few stories like that, I guess, but it was quite some time ago, like right after ET. So, that era. But, one of the things that we have talked about, and I'm curious to get your opinion, Jim, regarding AI. I feel the life sciences or MedTech industry is not ready for AI, maybe on some specific use cases, but not in a generic or general sense. What comes to mind is this case that I know is being worked on now where there's a wellness app that has AI enabled that does wellness therapy. 
With this app, the company that made this application, which falls under the umbrella of a medical device, is being sued because a suicidal patient who was using this app for therapy was told by the app, after two months, "Well, you might as well go ahead and kill yourself." The patient then killed themselves. So, the patient's family is suing the company that made this app. I think everyone always thinks about AI like how great it is when things go right. But in that situation where things went drastically wrong and it cost somebody their life, talk about patient safety. That's a case, I think, where we're not quite mature enough to understand these edge cases with AI and what the real consequences can be. I'm curious what your thoughts are on that, and then we can get Trevor's thoughts as well.