    Episode 56 · September 30, 2025 · 44m listen · 11,755 words · ~59 min read

    Medical Device Startups and Cybersecurity Challenges with Suzy Engwall | Ep. 39 - Full Transcript | The Med Device Cyber Podcast

    Read the complete, searchable transcript of Episode 56 of The Med Device Cyber Podcast - expert conversations on medical device cybersecurity, FDA premarket and postmarket guidance, SBOM management, threat modeling, and penetration testing.


    Episode summary

    In this episode of The Med Device Cyber Podcast, hosts Trevor Slattery and Christian Espinosa are joined by Suzy Engwall, a seasoned healthcare innovation consultant from Healthtech Strategies, to discuss the critical challenges and strategies for getting a medical device to market. Suzy shares her extensive 20-year background in healthcare, which began with a decade in lean transformation inside hospitals before she pivoted to the innovation sector. Frustrated by the institutional inertia and lack of resources that hampered progress within hospital systems, she now dedicates her work to helping startups and innovators navigate the complex healthcare landscape. Her experience spans setting up hospital innovation programs, teaching human-centered design to clinicians, advising startups, and working with investors, giving her a holistic view of the industry.

    The core of the conversation revolves around the numerous hurdles that medtech startups face, with cybersecurity emerging as a significant but often overlooked roadblock. Suzy explains that while funding is the most obvious initial challenge, the journey is fraught with other complex issues like go-to-market strategy, regulatory compliance, and reimbursement. She emphasizes that many innovators, particularly those coming from outside the healthcare industry, fail to appreciate the nuances of market adoption. A staggering 93% of medtech startups fail, and a primary reason is a lack of product-market fit. This failure stems from not just creating a great product, but understanding the intricate politics of hospital procurement, the lengthy buying cycles, and how a new device impacts existing clinical workflows and financial incentives. For example, a physician champion might love a new technology, but if it's rejected by a value analysis committee or perceived to reduce billable visits, it will not be adopted.

    The discussion also highlights the evolving role of cybersecurity. It is no longer just about protecting patient data (HIPAA compliance), but also about ensuring patient safety from threats that could manipulate a device's functionality. The hosts and Suzy note that while the FDA has recently implemented stricter cybersecurity regulations, hospitals themselves are raising the bar even higher, creating their own stringent requirements before allowing a new device onto their network. This creates a challenging environment for manufacturers, especially those with legacy devices that were not designed with modern security in mind. The conversation touches on the integration of Artificial Intelligence (AI) into medical devices, which introduces another layer of complexity concerning liability, ethics, and patient transparency. Ultimately, the episode argues that for a medical device to succeed, innovators must address regulatory, clinical, financial, and cybersecurity considerations from the earliest stages of development, rather than treating them as afterthoughts.

    Key takeaways from this episode

    • Cybersecurity is often an afterthought for medtech startups but has become a critical and non-negotiable requirement for both FDA approval and hospital procurement.
    • A staggering 93% of medtech startups fail, primarily due to a lack of product-market fit and an underestimation of the complexities of market adoption in healthcare.
    • Successfully selling a medical device to a hospital requires navigating long buying cycles, internal politics, and value analysis committees, which often hold more power than individual physician champions.
    • The cybersecurity risk for medical devices extends beyond data breaches; it encompasses patient safety risks, where a device's core functionality could be maliciously altered.
    • Hospitals are increasingly implementing their own cybersecurity standards that can be more rigorous than FDA regulations, creating another significant hurdle for manufacturers.
    • Innovators must consider the entire healthcare ecosystem, including regulatory pathways, reimbursement models, and clinical workflows, from the very beginning of the design process.
    • The rise of AI in diagnostics brings new challenges, particularly around liability, as it blurs the lines of responsibility between the physician, the AI developer, and the healthcare institution.
    • Startups are advised to engage with the FDA early in their development process to understand what claims they can make and what regulatory hurdles, including cybersecurity, they will face.

    Full episode transcript

    Host: Hello and welcome back to the Med Device Cyber Podcast. Today we're going to be talking about how you can get your device to market. What you need to do, the things you need to think about and how you can make sure you're not letting cyber security slow you down. I'm your co-host Trevor Slattery and I'm joined by our co-host Christian Espinosa. Uh, we also have a very special guest today, Suzy Engwall. I'll let you introduce yourself.

    Guest: Sure, yeah, thank you guys so much for having me. Um, again, I'm Suzy. Well, I, um, have a small consulting company called Healthtech Strategies. I've been in healthcare for about 20 years now. I actually started in lean transformation inside of a hospital which I did for about 10 years. And, um, it was fantastic trying to make change in healthcare, but it was really hard to do with no money, no technology, no staff and no time. Um, so I made my way over to the innovation side so that we could truly make some change, um, about 10 years ago and never looked back. So I've done everything from setting up innovation programs at hospitals to teaching human-centered design to clinicians and physicians, to mentoring and advising startups, to working with investors, and everything kind of in between. So, I love the space. I'm very passionate about it. I have a little bit of an extra passion for pediatrics and women's health. Um, but I'm happy to be here today. I think this topic is really interesting. I don't claim to know everything about cyber security, which is why I'm thankful for people like you. Um, but I'm I'm happy to be here today and, uh, to talk about this with you guys.

    Host: Awesome. And you're coming to us from California, is that right?

    Guest: Yep, Southern California.

    Host: SoCal. I was born in Riverside, which is part of SoCal. Trevor is moving to California. It's kind of like, is that Central or Northern California, San Francisco Bay area? That's kind of Northern.

    Host: Yeah. I signed a lease as of Sunday. So.

    Guest: Oh wow. That's huge.

    Host: Yeah, super excited.

    Guest: That is huge. That's an expensive area.

    Host: Yeah, it's, uh, coming from Arizona though, which is getting more expensive because everyone from California is taking over Arizona.

    Host: Of course.

    Host: And but, you know, you don't have all the weather problems. In Arizona, it's either 120 degrees or -5 and there doesn't really seem to be any in between, so.

    Host: Well, Phoenix is always warm, yeah.

    Host: Phoenix is always warm.

    Guest: And you'll you'll love San Francisco, the climate is fantastic. Although, you might get a little bit more rain than you're used to.

    Host: Yeah. And pretty big, uh, med tech scene. It seems that I was already out there enough for conferences or events or this that or the other things so save myself a flight once in a while.

    Guest: Yeah, love it, love it. I I really like it up there. I think, I'm I'm in Orange County, so I'm I'm SoCal, but, um, it is a huge med tech scene and there's always something to do every single night. If you want to go to any kind of an investor event, you'll find one free around every corner. So, it's fantastic place to live in this industry for sure.

    Host: It's awesome. Isn't there like a SoCal/NorCal, like rivalry that goes on in California?

    Guest: You know what, I kind of feel like there is. It's weird though 'cause when I talk to people from Northern California, I don't necessarily feel it, but I do think there's a little bit of that like, I I think there's a little bit of NorCal envy down here in SoCal. You know, we have a great ecosystem, but we know that the ecosystem here doesn't get together as much, isn't probably as big, especially with the investor pool, um, as maybe Northern California is. So I think we, I have to say, I have a little bit of envy. You know, a lot of times I have friends that are posting about all the fun Medtech events they're going to and the investor events they're going to. I'm like, darn it, it's, it's a short flight, but I can't make it up there tonight. Um, so there's a lot of things that I feel like I missed out on by not being up in the Northern California region. So, for me, it's it's more of an envy than anything.

    Host: You guys get way better weather though, so at least you have that.

    Guest: That is true. Our weather is fantastic. You cannot…

    Host: It's always the same, isn't it? It's like 75 and and sunny.