The Hidden Reason Medtech Products Get Recalled (It's Not Quality Issues) with William Jin | Ep. 55

In this episode of the Med Device Cyber Podcast, hosts Trevor Slattery and Christian Espinosa are joined by special guest William Jin, a seasoned expert with over 30 years of experience in the medical technology industry. With a background as a medical doctor in Shanghai and extensive work with major companies like Medtronic and Stryker, Mr. Jin now specializes in bridging the gap between the Chinese and international MedTech markets. The discussion centers on the complexities and opportunities of navigating the world's two largest medical markets: the United States and China. The episode opens by highlighting the phenomenal growth of the Chinese market, which has rapidly become the second-largest globally and shows no signs of slowing down. This growth presents a significant opportunity for both international firms looking to enter China and for Chinese companies aiming for global expansion. Mr. Jin provides a nuanced perspective on the challenges faced from both directions. He observes that many of the 1.5 million MedTech companies in China are not yet prepared for the rigorous demands of US or European markets, citing gaps in regulatory knowledge, intellectual property strategy, and cybersecurity preparedness. Conversely, he details the significant hurdles for Western companies entering China. A primary argument is the necessity of planning for target markets from the very beginning of the product development lifecycle. Critical design choices made early on, such as selecting a cloud platform, can have massive downstream consequences. For example, a device built on Google's cloud platform is entirely unviable in China, where Google is banned, necessitating a costly and time-consuming redesign on an approved platform like Alibaba Cloud or a China-based Amazon server. The conversation also emphasizes the increasing importance of cybersecurity, not as a feature to be added later, but as a foundational element from "design to disposal." With evolving regulations, strict data sovereignty laws in China, and the rising number of product recalls due to cybersecurity flaws, the hosts and guest conclude that a proactive, market-specific cybersecurity strategy is no longer optional but essential for success in the global MedTech landscape.

Host: You don't want to spend all of this time, spend all of this money creating a product you're not actually going to be able to sell in really valuable markets for you. Guest: There are 1.5 million companies in China. Host: The Chinese market very quickly moved its way up to the second largest medical market in the world, and it is showing no signs of slowing down. Guest: When I'm talking to a lot of Chinese companies in MedTech areas, I get the feeling that a lot of company, they are not ready to get to a US market or a European market. Host: We always say cybersecurity should be considered from design to disposal of the product, the entire lifecycle. Host: Hello and welcome back to the MedDevice Cyber Podcast. I'm your co-host Trevor Slattery, joined with our other co-host Christian Espinosa. Host: And today, we have a very special guest, William Jin. We're going to dive in to talking about some of our typical North Star with cybersecurity and then looking a little bit into some of these differences that we see between the US market as well as the Chinese market. Now, before we dive in too far, I'll turn it over to you, William, to give a little bit of an introduction of yourself, a bit of background, and then we can jump right in. Guest: Yeah, I was educated uh as a medical doctor in Shanghai, China. And then I'm moving in the industry like more than 30 years. I worked for a company like Medtronic and Stryker. So, right now, I'm pretty much focused on helping the uh overseas, outside of China MedTech company, especially innovative product into China market, as well as support the uh Chinese MedTech companies if they are willing to go abroad. Host: Awesome. So you're helping uh kind of both directions. Chinese companies trying to get to uh United States as an example and US companies trying to get in the Chinese market. It's, is that correct? Guest: Yes, yes. I start with helping the overseas getting into China market, but now there are more and more Chinese company they are finding the way to go to US and uh European market. But I find uh a data, latest data from the uh China statistic data, the Chinese export to Europe and US, the data actually to North America is decreased in year 2000, 2025 versus 24. Decreased like a 5%. But to Europe like uh increased like 11%. So uh, that's uh seems uh although overall Chinese company MedTech, they want to go abroad, but seems it's not uh reflect in the numbers to North America. Host: Lines up with the uh the new tariffs coming in on just about everything imported to the US, so I can't say I'm surprised to hear that. Guest: Yeah, I I think this is one of the reason, the tariff. But I still when I'm talking to a lot of Chinese companies in MedTech areas, I get a feeling that a lot of company, they are not ready to get to a US market or European market. I think uh not only on the IP perspective, I think that's the uh, you know, always the issues about IPs and and also uh uh coupled with uh the commercial knowledge, how to launch your product into another market, especially in a more mature market. And uh how you, do you have a talent, do you have a knowledge? But right now, like our discussion, I think uh a lot of MedTech product is getting to like wireless, getting to iCloud, getting to uh data, you know, algorithm, then it's uh, I talked to the company, most of them they are not ready or fully aware about the cybersecurity and what kind of requirement in uh outside of China. So I think uh all these are the uh barriers or the uh challenges for a Chinese company, MedTech company if they are plan to go US or Europe. Host: And what are some of the challenges with a, let's say, US, United States based company going into China? What are some of the main challenges you see on uh that angle? Guest: From US to China, right? On the MedTech side, I think uh the normal factors will be like you understand the local market, you have a local talent, and also the registration time is much longer than in US and Europe. It takes like three to five years based on your categories, three or two or three. Most recently, I feel, I have uh two cases about the datas. Because for example, you know, some of a MedTech product, they are developed under Google platform. So all the other associate they are build up on a Google platform. But Google platform is not allowed in China market. It's not allowed by the Chinese government. So this product, they cannot sell the similar, the exactly same product in China market because the Google actually not allowed. And then you need to develop everything from scratch, only from the some local like Alibaba or Amazon maybe available. So you need to do everything from scratch. So this is the biggest challenge for that particular company because they are using algorithm, collect the data. And uh on this perspective, I think the other challenge is Chinese has uh Chinese government has a very strict rules regarding the exchange of the data. The patient information, the some other, you know, uh uh data, how you can change to to cross the broad. So some algorithm will not be work in uh outside of China. So that's another challenge in the, you know, the software or cybersecurity side in addition to the, you know, the normal one. The normal is like understanding local market, registrations, local talent. But this is a new trend. It's a new challenge. Host: So we always when we're talking to prospects or even clients, we try to get them to reverse engineer the markets they want to go into because a design decision, like you mentioned William, to use Google as your cloud platform means that you're going to have to redesign it later if you want to enter the Chinese market. So there's a lot of, you know, you have to like look forward and then work backwards basically to make sure you're making the right design decisions early on. Otherwise the ramifications are pretty uh costly. Guest: Yeah, exactly. Uh the question I always ask some of MedTech startup companies is, although you are small, you just started, but you need to have a mindset what you want to go. You need to have a plan. You know, it's similar for Chinese company want to go abroad, go to US. If you design your product, never, you don't want to go to US, you only want to sell in China. That's fine. Then you follow the local rules. But if you do, in some point of stage, if you do want to, you know, expand your product, your market into US or Europe, then you need to plan to start with. Especially for those product using data, using iCloud, using algorithm. It's exactly same thing for a US company or European MedTech company. If they want to expand into China market, then they need to, you know, think about put this mind in their initial design. Otherwise, once they get into the later stage, then it's too late. It's very costly. Host: Do you typically see that startups and companies building a product that they want to have across all these markets struggle more to go from outside of China into China or the other way, going from China to other markets such as the US or Europe? Guest: Yeah, I think it's depend on the product. If the product is more uh, you know, how do you say, it's lower tech, more consumables, uh I think Chinese has uh uh a lot of advantages. So you see Mindray, you see other, you know, Chinese product selling in US, in China, uh US or Europe. And although some of a product may not be using a Chinese brand name, they actually manufacturing in China. If say, high-tech product, more using algorithm, using data collection, using some, you know, some more advanced technology, then for Chinese company is pretty uh difficult to get in. But for US or Europe company getting into China market, then the other way around. If they have a very much uh uh innovative, high tech product, which are very unique, not available in China or Chinese company does not have a capability to manufacture it, then they probably uh much easier than the other players to get into China market, to get registered, get fast track, get registration, to get into China market. But if their product is more like more generics stuff and there's no unique uh perspective or technology for their product, then it will be pretty difficult, you know, to get into China market and there are a lot of local competitors waiting for them, and then they may not be able to uh do well in China. Host: Isn't it also true that with the NMPA, they have, I mean, understandably some favoritism towards Chinese companies? So, say an American and Chinese company are creating a similar product for regulatory approval process timelines, aren't they generally going to fast track the Chinese company a bit more? Guest: It's more based on the technology they provide the fast track. But for the Chinese company and uh outside of China's company, the path is different. Because one is local manufacturing, they need to see your local manufacturing site, to make sure, you know, everything you follow the rules, procedures. Uh, that's so-called the local manufacturing license. But for the US and Europe company, if they want to get into China market, they using so-called the import license. So they follow the rule is they using the data, some of a clinical data you already, you know, done in Europe and US may be can refer to China. If, if not, they may ask you to do some additional test or clinical trials for for class three product. So what you meaning, I think uh some of a different treatment for the local manufacturers and the imported product, which is more uh during the commercial stage, like uh government tendering, you goes to the VBP, whatever they using different scheme, try to reduce the overall cost. So, uh, the value wise growing, but not as same level as like a volume or patient data. And also in the recent years, we see uh multinationals, they after like many decades, you know, high growth, right now, their growth is starting to lower, even getting to decrease. And they are also looking for some other local innovative product. They may using this local innovative product manufacturing in China, sell in China. So that's so-called uh, you know, US-China D-link one of the trends. I think uh on the uh cybersecurity and the data, some initial uh for startups to initial preparation, I feel, maybe Trevor, you guys can prepare more case studies to let people know that is very important, like I know Baxter just pull out one of a product because of the uh uh cybersecurity or this kind of issues, a respiratory product, they pulled out from the market worldwide because of a cybersecurity issues. So those kind of a cases, we should let people know, let the industry to be more aware about this. Host: Yeah, we're starting to see like one or two product recalls a week due to cybersecurity, uh at least in the United States, I I subscribe to the FDA uh recall uh subscription list and there's like one or two is seems up per week now. Guest: Yeah, but is it possible that make it like a case study or something or it's not allowed? Because people only read the news say they pull out this product. Like Baxter just pull out one of their major product. They invested a lot on this product on the respiratory, they pull out. But if you go deep, that's because of a cybersecurity. Host: Yeah, and I think it's really important to, it's good to have some information even like the podcasts that we're doing about what are some of these risks out there. What can happen if you're mismanaging cybersecurity? Your product gets recalled, the FDA can come back at you. And that's assuming you get it cleared in the first place. And then what we're trying to really have a push for is how can you just prevent this from happening in the first place? So that's why we constantly keep the, I think the the constant motto of start early and often with your cybersecurity. Don't forget about it. Don't try to push it to the back burner and wait until a situation like that comes up, wait until you're forced to have this massive recall. Since a company at the scale of Baxter, you know, figuring, understanding the cost of A, not just having that available on the market, but B having to pull that out of the market can be extreme for them. So, looking at some easy ways to try to fix that on the front end, I think is a good way to try to bridge that gap. Guest: Yeah. I don't know how they put on the news like Baxter case. But I read the local news, it's just say a recall, the major product recall, so it's a painful for Baxter. But I prefer, you know, if I'm sitting in your you guys shoes who or or sitting trying to educate more industry people, I think the news should be say, because of a cybersecurity issues, this is what happened. This is product recall. Because people just focus on product recall itself, but actually, it's not the normal product recall. This is because of cybersecurity. It's not their product so-called normal quality. Host: Yeah, I think the, what about the last minute words of wisdom or words of advice to MedTech innovators or anyone listening to the podcast? And I'll start with you, Trevor, and then go over to you, William. You got to say something new, Trevor. Host: Well, I think I'm going to steal your new one, and that is start with your markets in mind and work backwards from there. And this is especially, especially, especially important if you're looking at markets such as the Chinese market with really unique requirements. I think that a lot of manufacturers get into the mindset of, well, let's just make something and then we'll try to, you know, tweak it, get it through this regulatory process, but you could be going in a completely wrong direction than what can be effective for you. So, understand where you're going and then try to build the roadmap to get there. Guest: Yeah, it's true. It's true. But one of a thing is what I've seen in my entire career is, you know, the rules are changing. I think, uh, maybe China the rules is changing more frequently than US, but sometimes US is changing more frequently than China. But in our MedTech areas, I can see the change, changing rules are pretty frequent or you can see it's evolving. I don't know, maybe now Amazon is available in China, who knows? Maybe sometimes they say, you know, you can't be because Google, I I remember like uh 20 years ago or 15 or 20 years ago, Google still available in China. There's office here in in Beijing and so on and so forth. But later on, Google banned in China, so they banned everything. I don't know the behind reasons, but the rules are changing. And also like a patient data, the data across the board, I know like 15 or 20 years ago, no one really cares about this. And then later on, starting to pay attention to the data security, the patient, you know, privacy, and then they starting to ask to put some requests behind. But now it's, the hurdle is increased. So, I think it's also changing. It work right now, maybe later it will not work, who knows? Host: Yeah, I like that idea around how everything is changing. I think that this, even in the past couple of years have been a really good time for a lot of regulators to start getting caught up to speed with some of the problems that medical devices are facing. Um, they're trying to clamp down on, you know, very big economic pushes. We see Project 2030 in Saudi Arabia and even there's, I believe there's a similar project in China more focused around healthcare, which is kind of driving a lot of that growth in the Chinese healthcare market. But I think it's a good thing that they're trying to stay on top of these regulations, making sure that products are safely and securely and, you know, reasonably ethically imported into the country. Everything is following a standard procedure and practice there. Um, but I would also be curious to hear your thoughts on that market growth since I know that the Chinese market very quickly moved its way up to the second largest medical market in the world and it's showing no signs of slowing down and it's growing much faster than even the US market. So I'd be interested to hear what do you think is driving some of that push and where do you see that going? Guest: Yeah, I think China the the overall market is growing. That's no doubt because of a population, although the overall population versus the previous decades maybe decreasing, but it's overall is still increasing, the senior, senior people are more and more senior people. I think that's no doubt. But the trend, right now, what I see is there's more and more local company in the MedTech areas, startups, innovating companies. I get a data, latest data by the end of last year, the class two and class three, they claim if a company they claim they are manufacturing or they get approved to manufacture class two or class three, you know, product, MedTech product, there are 1.5 million companies in China. Host: Wow. Guest: 1.5 million companies on the MedTech area. So I see the overall market, the surgical case or the volume wise is increasing, the patient increasing, that's for sure. But on the other hand, you can also see the government try to cut down the cost. They using DRG, DIP, and VBP, whatever they using different scheme to try to reduce the overall cost. So, uh, the value wise growing, but not as same level as like a volume or patient data. And also in the recent years, we see uh multinationals, they after like many decades, you know, high growth, right now, their growth is starting to lower, even getting to decrease. And they are also looking for some other local innovative product. They may using this local innovative product manufacturing in China, sell in China. So that's so-called uh, you know, US-China D-link one of the trends. I think uh on the uh cybersecurity and the data, some initial uh for startups to initial preparation, I feel, maybe Trevor, you guys can prepare more case studies to let people know that is very important, like I know Baxter just pull out one of a product because of the uh uh cybersecurity or this kind of issues, a respiratory product, they pulled out from the market worldwide because of a cybersecurity issues. So those kind of a cases, we should let people know, let the industry to be more aware about this. Host: Yeah, we're starting to see like one or two product recalls a week due to cybersecurity, uh at least in the United States, I I subscribe to the FDA uh recall uh subscription list and there's like one or two is seems up per week now. Guest: Yeah, but is it possible that make it like a case study or something or it's not allowed? Because people only read the news say they pull out this product. Like Baxter just pull out one of their major product. They invested a lot on this product on the respiratory, they pull out. But if you go deep, that's because of a cybersecurity. Host: Yeah, and I think it's really important to, it's good to have some information even like the podcasts that we're doing about what are some of these risks out there. What can happen if you're mismanaging cybersecurity? Your product gets recalled, the FDA can come back at you. And that's assuming you get it cleared in the first place. And then what we're trying to really have a push for is how can you just prevent this from happening in the first place? So that's why we constantly keep the, I think the the constant motto of start early and often with your cybersecurity. Don't forget about it. Don't try to push it to the back burner and wait until a situation like that comes up, wait until you're forced to have this massive recall. Since a company at the scale of Baxter, you know, figuring, understanding the cost of A, not just having that available on the market, but B having to pull that out of the market can be extreme for them. So, looking at some easy ways to try to fix that on the front end, I think is a good way to try to bridge that gap. Guest: Yeah. I don't know how they put on the news like Baxter case. But I read the local news, it's just say a recall, the major product recall, so it's a painful for Baxter. But I prefer, you know, if I'm sitting in your you guys shoes who or or sitting trying to educate more industry people, I think the news should be say, because of a cybersecurity issues, this is what happened. This is product recall. Because people just focus on product recall itself, but actually, it's not the normal product recall. This is because of cybersecurity. It's not their product so-called normal quality. Host: Yeah, I think that that one, we we follow that because I subscribe to the list and our company knew about it, but you're right, I think, uh, developing a case study that shows like here's like in the past, like what quarter, which devices have been recalled from a cybersecurity perspective is probably a really good idea because I don't think a lot of people understand the the magnitude of the the problem we're trying to solve. Guest: Yeah, because there are too many news about product recall. You know, there are many product recalls for some reasons all all the time. So, I mean, in the local news, what I read all the news, no one really mentioned that type. Only when you go deep, you know, this is a cybersecurity issue. But the news title or all the news just say it's product recall. But to me it's not like a traditional, normal product recall. This is because of cybersecurity. It's not their product so-called normal quality. Host: I think that we'll wrap up here. So thanks for tuning in. Thanks uh William for being a guest on the MedDevice Cyber podcast. And thanks everyone and we'll hope to see you on the next one. Guest: Okay. Thank you. See you next time.