Episode 48 · February 5, 2026 · 41m listen · 6,669 words · ~33 min read

What 15 Years In MedTech Taught This CEO About Cybersecurity with Marc Zemel | Ep. 56 - Full Transcript | The Med Device Cyber Podcast

Read the complete, searchable transcript of Episode 48 of The Med Device Cyber Podcast - expert conversations on medical device cybersecurity, FDA premarket and postmarket guidance, SBOM management, threat modeling, and penetration testing.

Prefer the listening experience? Open the episode page for the synopsis, key takeaways, topics, and Apple / YouTube listen links.

Episode summary

In this episode of the Med Device Cyber podcast, hosts Trevor Slattery and Christian Espinosa welcome Marc Zemel, the CEO of Retia Medical, to discuss the critical intersection of medical device innovation and cybersecurity, especially from the perspective of a MedTech startup. The conversation centers on the journey of developing a life-saving medical device while navigating the increasingly stringent cybersecurity requirements mandated by regulatory bodies like the FDA. Marc shares the foundational story of Retia Medical, a company born out of the principle that 'necessity is the mother of invention.' He explains how his company developed advanced algorithms to monitor a patient's cardiovascular status in real-time, providing proactive alerts to clinicians. This technology, embodied in their Argos Infinity monitor, can detect severe problems like internal bleeding seconds or even minutes before traditional vital signs, such as blood pressure, begin to drop. This early warning capability is often the difference between life and death in high-risk environments like the operating room or ICU. The main argument of the episode revolves around the non-negotiable importance of robust cybersecurity for such critical devices. Marc Zemel emphasizes that when a device's data is used to make life-or-death decisions, its integrity is paramount. He recounts real-world scenarios where their monitor detected severe blood loss before surgeons could visually identify it, allowing for a timely mass transfusion protocol that saved the patient's life. This underscores the catastrophic potential of a security breach; a hacker could manipulate the data, leading clinicians to make tragically incorrect decisions. The hosts reinforce this point by stating that cybersecurity deficiencies are now the number one reason medical device submissions are rejected by the FDA. The discussion concludes that for MedTech innovators, embedding cybersecurity into the core design and culture of the company from the very beginning is essential not only for patient safety but also for the survival and reputation of the business itself.

Key takeaways from this episode

Retia Medical's technology provides proactive cardiovascular monitoring, detecting life-threatening issues like blood loss before traditional vital signs like blood pressure change.
For MedTech devices that provide data for life-or-death decisions, cybersecurity is a fundamental requirement, not an optional feature.
A single cybersecurity breach that compromises data integrity can be fatal for patients and can irrevocably destroy a medical device company's reputation.
Proactive monitoring with advanced algorithms gives clinicians an early warning system, allowing them to intervene and save lives in critical situations where seconds matter.
Cybersecurity is the number one reason medical device submissions are rejected by the FDA, making it a critical hurdle for innovators and startups.
The evolution from cumbersome, multi-lead ECGs to simple, app-based monitors with a single lead highlights the rapid and patient-focused innovation occurring in the MedTech space.
Building a culture of security from the ground up is more effective and essential than treating it as an afterthought, especially in the highly regulated and high-stakes medical device industry.

Full episode transcript

I remember being nine or 10 years old I think with all of these ECG leads running all over the place connected to me 24/7, even for months after surgery. And now we've had some companies come through our door where it's just a little app you get on your phone and then one tiny ECG lead and that's it. That sounds like you guys are a key example of that. It's sort of the old story of necessity is the mother of invention. We develop algorithms for detecting changes in cardiovascular status. And we deploy them in standalone monitors, our new product called Argos Infinity. Often we will detect problems before the blood pressure drop. We took a long look at this protections that we needed to ensure that we had proper cyber security because there's no going back. I've had scenarios where people were in the OR and we saw change before they saw blood pooling in the surgical field where seconds mattered and they had to initiate mass transfusion protocol to bring the person back to life, frankly. And if somebody is getting in there and they're monkeying with your system and then giving you the wrong information because they found a back door or whatever, your reputation is gone. Cyber security is the number one reason that medical devices are getting kicked back. Hello there and welcome back to another episode of the Med Device Cyber podcast. Your usual hosts, myself Trevor Slattery and Christian Espinosa are here as well as a very special guest that we have today, Marc Zemel. What we're going to talk about are some of the challenges that MedTech innovators and startups and manufacturers may face while moving into their cyber security journey and moving towards their submission pathway. Before we dive in too deep, I'll check in with everyone and see how everyone's doing today. I'll start with you Christian, how are you doing? I'm doing well. I just got back from Kenya, so about 40 hours of travel, a little bit jet-lagged. Uh, got a little sunburnt at Kenya where I was staying at altitude and I it's about 6,000 ft high. So I hung out at the plunge pool for about 15 minutes and I guess because of the altitude and the the sun bounce off the water I got a little sunburned, plus you're driving around in these little vehicles all day in the wind, looking for the the rhino and all the animals. So that was, it was fun. Well, a sunburn in December is never a bad thing. Yeah, and plus I got, I I still wear these glasses. I don't like the way they look on on video though, but I've got used to wearing these like blue blocker glasses or whatever, even though they don't look so cool. There you go. And how about yourself, how are you doing today Marc? I'm doing great. We just uh almost done wrapping up 2025, way ahead of plan which was awesome, and looking forward to kicking off 2026 and continued growth for our uh Retia Medical. Awesome. And where are you calling in from today? Yeah, uh we're based in White Plains, New York, just north of New York City. Trevor was just up in the area recently, weren't you, Trevor? Yeah, just uh was out in New York for a couple of days and then up in Toronto. I actually just got back I think day before yesterday. Nice. Nice. Well, let me know when you're in town. How far from Lake Placid is that? I did the Lake Placid Ironman. Lake Placid is all the way north. Oh, okay. Several hours, like four or five hours north of us. Oh, wow. Okay. Yeah. I feel like New York's a bigger state than a lot of people realize. You kind of, if you're not from New York, you think about the city and then everything is just upstate until you get to Lake Ontario. Upstate's a pretty, pretty far away though it sounds like. If you live in Manhattan, then where I am, which is Westchester County is considered upstate, but it's really more like New York metro area. We're about half an hour into Upper West Side, so it's pretty funny. The strictest definition I ever heard is anything past 125th Street is upstate. That sounds about right. All right. Well, why don't you start by telling us a little bit about yourself and a little bit about what Retia does? Sure. so, uh, I'm the co-founder and CEO of Retia Medical. Uh, I actually uh trained as a mechanical engineer. Uh, I got my master's from MIT and then worked in the uh semiconductor capital equipment industry for about a decade. Uh, and then I decided to move into MedTech, so I went back, got an MBA, uh, at Yale, worked at Becton Dickinson for a few years, and then decided to start my own company, which I've been running now. In May it'll be 15 years, Retia Medical. Uh, I joke that we were two guys with slides, so uh, licensed the technology, raised the capital, built the team, took us through FDA, CE mark, and now we are sold in 18 countries, uh in the US uh we're sold by Medtronic, we're in 75 hospitals. Uh it's been quite a ride and, you know, a lot more to do.

1 / 8