What 15 Years In MedTech Taught This CEO About Cybersecurity with Marc Zemel | Ep. 56

I remember being nine or 10 years old, I think, with all of these ECG leads running all over the place, connected to me 24/7, even for months after surgery. And now we've had some companies come through our door where it's just a little app you get on your phone, and then one tiny ECG lead, and that's it. And it sounds like you guys are a key example of that. It's sort of the old story of a necessity is the mother of invention. We develop algorithms for detecting changes in cardiovascular status; we deploy them in standalone monitors. It is our new product called Argos Infinity. Often, we will detect problems before the blood pressure drops. We took a long look at the protections that we needed to ensure that we had proper cybersecurity because there's no going back. I've had scenarios where people were in the O, and we saw a change before they saw blood pooling in the surgical field, where seconds mattered, and they had to initiate a mass transfusion protocol to bring the person back to life. Frankly, if somebody's getting in there and they're monkeying with your system and then giving you the wrong information because they found a backdoor or whatever, your reputation is gone. Cybersecurity is the number one reason that medical devices are getting kicked back. Hello there and welcome back to another episode of The Med Device Cyber Podcast. Your usual hosts, myself, Trevor Slattery, and Christian Espinosa, are here, as well as a very special guest that we have today, Marc Zemel. What we're going to talk about are some of the challenges that MedTech innovators and startups and manufacturers may face while moving into their cybersecurity journey and moving towards their submission pathway. Before we dive in too deep, I'll check in with everyone and see how everyone's doing today. I'll start with you, Christian. How are you doing? I'm doing well. I just got back from Kenya, so about 40 hours of travel. I was a little bit jet-lagged. I got a little sunburned in Kenya, where I was staying at altitude. It's about 6,000 feet high. So I hung out in the plunge pool for about 15 minutes, and I guess because of the altitude and the sun bounced off the water, I got a little sunburn. Plus, you're driving around in these little vehicles all day in the wind, looking for the rhino and all the animals, so that was fun. A sunburn in December is never a bad thing. Yeah. And plus, I got, I still wear these glasses. I don't like the way they look on video though. But I've gotten used to wearing these like blue blocker glasses, whatever, even though they don't look so cool. There you go. And how about yourself? How are you doing today, Marc? I'm doing great. We just almost wrapped up 2025, Way ahead of plan, which was awesome. And looking forward to kicking off 2026 and continued growth for our Rhae Medical. Awesome. And where are you calling in from today? Yeah, we're based in White Plains, New York, just north of New York City. Trevor was just up in the area recently, weren't you, Trevor? Yeah, I was out in New York for a couple of days and then up in Toronto. I actually just got back, I think, day before yesterday. Nice. Nice. Well, let me know when you're in town. How far from Lake Placid is that? I've done the Lake Placid Iron Man. Placid is all the way north. Oh, okay. It's several hours, like four or five, hours north of us. Oh, wow. Okay. Yeah. I feel like New York's a bigger state than a lot of people realize. If you're not from New York, you think about the city, and then everything is just upstate until you get to like Ontario. Upstate is pretty far away though. It sounds like if you live in Manhattan, then where I am, which is Westchester County, is considered upstate, but it's really more like New York metro area. We're about half an hour to the Upper West Side. So, it's pretty funny. The strictest definition I ever heard is anything past 125th Street is upstate. Yeah. That sounds about right. All right. Well, why don't you start by telling us a little bit about yourself and a little bit about what Rhae does? Sure. So, I am the co-founder and CEO of Rhae Medical. I actually trained as a mechanical engineer. I got my masters from MIT and then worked in the semiconductor capital equipment industry for about a decade. And then I decided to move into MedTech, so I went back, got an MBA at Yale, worked at Becton Dickinson for a few years, and then decided to start my own company, which I've been running now. In May, it'll be 15 years, Rhae Medical. I joke that we were two guys with slides. So, I licensed the technology, raised the capital, built the team, took us through FDA CER, and now we are sold in 18 countries. In the US, we're sold by Medtronic. We're in 75 hospitals. It's been quite a ride, and you know, a lot more to do. We develop algorithms for detecting changes in cardiovascular status. That's fundamentally what we do, and then we deploy them either in standalone monitors, which is our historical product. And now what we'll probably talk a lot more about is our new product called Argos Infinity that we'll be rolling out in Q1 of 2026, pending FDA clearance. We're in the middle of that process right now. When you're talking about cardiovascular, because I had blood clots, would that help detect something like blood clots or is it mainly like their heart muscle? Yes. So I say cardiovascular as sort of the broadest term. We particularly assess cardiac and circulatory function. Okay. So, we're monitoring blood flow and the resistance of your arterial system, the amount of blood ejected with each heartbeat. When you think about what people typically will measure, they'll measure blood pressure. That's the easiest thing to measure. But blood flow is what carries the oxygen to keep your vital organs alive. So historically, the way to measure this was by threading a catheter through your heart into the pulmonary artery. That's called the pulmonary artery catheter. And that would be the way that they would measure, they would measure flow by injecting cold saline and then measuring the change in temperature. And that would be the way they would infer the flow rate, which is, it's like a, I call it a science experiment at the bedside. So what we do is we take that blood pressure signal that people get from an invasive arterial catheter and then we run an algorithm using a sophisticated model of the circulation to calculate the blood flow, the vascular resistance, and all these other parameters that then are used by anesthesiologists, intensivists, critical care nurses to manage their patients more precisely to diagnose what's wrong with the patient, and obviously, to detect patient deterioration. Often we will detect problems before the blood pressure drops. So it's an early warning system for your body, for your cardiovascular system. So the blood pressure is less important than the blood flow, or but they're sort of related but not enough to make a prediction. Is that correct? Yes. I mean, look, blood pressure is a vital sign. If your mean blood pressure drops below 65 millimeters of mercury, every alarm, every bedside monitor will go off, right? That's an emergency. So but typically, that's a sign that already something was going wrong beforehand, and that's what we're picking up earlier. The technical term would be loss of perfusion. The perfusion is what's delivering that oxygen to your vital organs. You know, typically, let's take an example of somebody's bleeding. And if you bleed, and you're a relatively healthy person, you will squeeze your vessels down to maintain that pressure in your trunk at the expense of your peripheral limbs, right? And so, you might maintain your blood pressure for quite a while until you kind of fall off a cliff. Meanwhile, your blood flow is going down the whole time because it's not obviously coming back to your heart, it's leaking out. So, we detect that change before the pressure drops. Yeah, that's awesome. It's interesting to me because I think both Trevor and I have had, I guess, cardiac or blood issues. So, to me, it's interesting to hear about these kinds of technology. Wasn't your heart, it was beating too fast. Was that the deal, Trevor? Yes. So, I have Wolf-Parkinson's-White syndrome, and that led to quite a few complications when I was around eight or nine. Oh, wow. Some very rare, very rare side effects. Luckily, nothing has emerged too quickly from there. But I know, even us being so involved with the cybersecurity and with the FDA process for medical devices, we get exposure to a lot of devices that are even intended to treat symptoms of Wolf-Parkinson's-White or manage it a little bit better instead of, I remember being, whatever it was, nine or 10 years old, I think, with all of these ECG leads running all over the place, connected to me 24/7, even for months after surgery. And now we've had some companies come through our door where it's just a little app you get on your phone, and then one tiny ECG lead, and that's it. So, it's cool to see how these things can evolve as time goes on, for sure. And it sounds like you guys are a key example of that. Taking something that used to be a little bit of a complicated, a very invasive, and a very difficult process and finding some ways to look at it a little bit more precisely and a little bit less science experimenty. Yeah. I mean, if you think from the ECG world, think of that as measuring your electrical system where you're saying to your heart,