Why MedTech is the Future of Entrepreneurship with Omar Khateeb | Ep. 54

In this episode of the Med Device Cyber podcast, hosts Christian Espinosa and Trevor Slattery are joined by Omar M. Khateeb, host of the State of MedTech podcast. With a background that spans medical school, surgical robotics, and marketing, and having produced over 300 podcast episodes interviewing key figures in the MedTech industry, Omar provides a unique and comprehensive perspective on the current state and future of medical technology. The conversation kicks off with a discussion on whether the MedTech industry, particularly in cybersecurity, is improving or worsening. Omar believes it is improving, largely due to a shift in the market dynamics. He explains that for years, the industry was characterized by consolidation, with seven major strategic companies dominating the landscape. This environment led to fewer exits for startups and a more risk-averse venture capital scene, stifling significant innovation in favor of incremental improvements. However, the current trend is one of 'focus.' Large companies like 3M and J&J are spinning off divisions to become more specialized, creating a new category of 'mini-strategics'—companies with market caps between $2 billion and $15 billion. Omar argues that these newly independent or more focused entities must now grow through mergers and acquisitions, creating a more competitive and dynamic M&A market. This shift creates more opportunities for startups and encourages innovation. The discussion also touches on the necessity of a 'bubble' in MedTech to fund 'moonshot' projects, similar to how the dot-com bubble laid the groundwork for today's internet giants. Omar argues that the industry's risk-averse nature has prevented such transformative leaps, and an influx of capital, even if it leads to a temporary bubble, could spur the kind of groundbreaking innovation needed to solve major healthcare challenges. The conversation also delves into the critical role of cybersecurity in this evolving landscape. As MedTech devices become more digital and data-driven, especially with the move towards at-home care and AI integration, cybersecurity becomes paramount. A company's cybersecurity posture is now a vital part of its due diligence for acquisition or investment. A lack of robust security can be a deal-breaker. The hosts and guest agree that the industry needs to do a better job of marketing itself to attract top talent, who are often drawn to more 'sexy' fields like AI and crypto, despite the significant impact and financial opportunities within MedTech. They touch upon how even seemingly simple devices, like continuous glucose monitors or those with NFC capabilities, are now considered cyber devices by the FDA, requiring a strong security strategy from day one to de-risk the product for both patients and potential acquirers.

Do you think the state of Medtech uh in cybersecurity is improving at all or we getting worse? Yeah, no, I think it's improving. So like here's how I look at it. What do you think Trevor about the industry in cybersecurity? And so I would hope that it's a little bit more well structured than some of these uh other situations which we've seen come up in similar cases in the past, but What do you mean a new bubble? What does that mean? There's got to be and again, I I this is these are part of like larger macro issues I don't have an answer, but like, you know, I'll give you an example like on the capital side. Hi, welcome back to another episode of the Med Device Cyber podcast. Today we have a guest, uh Omar. He's going to talk to us about the state of Medtech and he's been doing quite a few podcasts. I don't know what episode number you're on, but you've interviewed and talked to a lot of people in the industry, haven't you Omar? Yeah, definitely, definitely. I mean, you guys been on the show uh before with uh when we did a webinar together and then we have your episode coming out soon. Um but yeah, I think we're 330, it's in the 300s right now, for sure. That's right. So you've got a pretty good pulse uh after 300 and something discussions with people in medtech. So it'll be interesting to see how you feel the industry has shifted over the years and um we'll talk a little bit about cybersecurity as well because I know we talked about that in the past. And I'm Christian Espinosa, the co-host. I'm here joining with Trevor our co-host. And I think you two are coming to us from well, NorCal and SoCal. Is that right? That's right. Oh, I'm in SoCal. I didn't know Trevor's in in NorCal now. I thought Trevor's like the international man of mystery. He's always like somewhere in the world. So... Yeah, I'm uh, settling down for a few more hours here actually even in San Francisco and then back on the road again. But I do have an apartment here that is now becoming an expensive storage unit, but yeah, very small. That is probably the world's most expensive storage unit for sure. I would change that quickly or just move to the East Bay, I don't know. Yeah, I, it's I think it's hard to beat the San Francisco just closeness of everything, but yeah, I figure I got to spend a little bit more time here to actually enjoy the closeness of everything. Awesome. Why don't we start off Omar, but you can maybe introduce yourself and give a little bit of background about what you do and uh what your organization does and we can go from there. Yeah, yeah, wonderful. And again, thanks for having me on the show. It's an honor to be on. You guys have a fantastic uh show and I more importantly, like I love uh podcasts that have like a very specific niche. You guys have a very nice like focus on technology and cybersecurity. Um so what do I do? So, um I've been in the industry a little over 15 years, uh started off in medical school before I transitioned into surgical robotics as a sales guy, moved into marketing and though as they say the rest is history. Um and a few years ago you know I decided to uh start my own business. Um it started off with me selling like online courses because I just didn't want to deal with anybody. I literally wanted to make Wi-Fi money and just like, you know, sell a product and not deal with anybody. But then over time I was like, yeah, you know, I'm actually, I'm really good at marketing in market engineering and so, um started my own firm. Um so uh our company is Marketcraft. You know, our whole focus is on essentially, you know, the whole idea behind market engineering. So a lot of people know about what it takes or what it looks like to create a category, but in order for that to actually work, you have to be able to engineer a market or in our case craft a market uh so you can drive adoption, raise awareness with investors and even leverage strategics for buyout. Um and so we work with a lot of early stage companies uh anywhere from like pre-FD, pre-commercial all the way through like commercial. Um we don't necessarily work with strategics, but you know, in our product road map, I think for every small business, especially if you're service-oriented, you know, at some point you're going to end up working with like large strategics um in the future. Uh and what what really what people know me for, they don't really know me for Marketcraft. uh they, which is going to change. you know, we just went through a name change. now we're Marketcraft away from Khateeb and Co. So it'll be a lot of like really great uh thought leadership content produced on that end so that people know like what we do and more importantly how they can spend money with us. Um but what everybody knows me for is really State of MedTech, the podcast. Um and so uh you know, with that show, you know, I interview investors, CEOs, uh industry experts like yourselves and you know, really just to have a pulse on the industry and so as a result of that, like I guess like I'm one of the few people in the space who really has a true pulse on things because I'm talking to so many different people from investors and CEOs down to like even like sales people. Awesome. So what, what is the pulse on Medtech? Are we are we getting better? Getting worse? Or like what what what is the pulse? What would you say? that's a hard question to answer though, right? No, no, not a, no, not a no, not a hard question at all. Hey, look, as the host, as a host of a show called the State of Medtech, I should be able to, like, articulate what the state of Medtech is. Um so, if you kind of look at it, if if the last few years was about consolidation in the industry, right? Um so, you know, very few strategics. So, if you look at the strategics in our industry, you have seven of them and I'm going to list them out. So, the seven strategics were essentially Abbott, Edwards, Boston Scientific, Stryker, Siemens, J&J, Medtech, and intuitive, of course, I can't forget intuitive. And so, uh, the state of the industry for the longest time was essentially that, you know, these companies, uh, could kind of sit back and see how things go in the market. They didn't really have to have this like really aggressive M&A approach. Um Boston I think is probably is the most active buyer and they do a really good job of that. But you know, the problem with that is that over the last few years while a lot of consolidation was happening, there wasn't a lot of competition in the market. And so uh exits were depressed. Uh as a result of that, venture capital became a lot more strained, you know, venture as a whole across all industries, not just Mettech, uh was a really poor performing asset over the last few years. And so for LPs, they put a lot of pressure on their VCs and now VCs these days, whether you're in Mettech or tech or anything else, are really looking at like revenue generating companies, which is great. I mean, you you can essentially hire a monkey to like look at a company making money and say, oh yeah, we should invest in that. Um but then that sort of leaves this weird like no man's land for like early stage companies, right? Especially in our industry. Well, that's what happened in the last few years. So what's happening this year? This year's kind of being defined by this theme of focus, right? So if you look at it, like, a lot of these strategics are just spinning out, um, somewhat profitable or not not so profitable divisions of their is like, um, and really getting focused on things like, like something that I think is super interesting is like Striker. Um they have uh in in production and in development a a robotic spine platform, but they spun out their entire spine division. They sold it to um the Physio Igi brothers, um which is a uh essentially a PE firm. Uh you have uh companies like 3M, they spun out solvenntum. Uh the more famous one is J&J spinning out to Pew. And so what does this all mean? Well, what's interesting about that is, you know, I wrote an article a few weeks ago, I got back to writing, um and I wrote this article about the birth of the mini strategics and I try and define, it's kind of a loo term. Company that has anywhere from 2 billion to 15 billion in market cap is essentially this mini strategic. So De Pew is a great example. De Pew is the orthopedic division of J&J. It's about a 9 10 billion dollar market cap business. The only way they're going to compete and grow is through M&A. And so now, if you think about like you had this like world of seven, these seven big strategics, right? Now, there's all these mini strategics entering that space and what's going to happen is that below those um major, those major strategic companies, there are already some other existing strategics, like many mini strategics. Like for example, like iRhythm. iRhythm is in the uh cardiac rhythm arrhythmia space. Uh they're a $5 billion company. You have SI Bone, which is a $3 billion company. Alphatech Spine, another $2, $3 billion company. Well, now there's all these other new entrance into that pool, which is going to create a lot of competition at that level. And what's happening at the higher level is like things uh companies that again, not mentioned in the main strategic list I gave, but like GE healthcare, Siemens, all 20, 30, $40 billion companies are now going to end up getting aggravated. So now they have to spend a much more active of uh role, either investing in these companies, which is why you're seeing Siemens do a lot of these like partnerships and stuff or buy them out like just recently, um, who was it? Uh GE healthcare just acquired um, uh Intead, Intead, Intead, which is which is essentially uh this like uh AI cloud enabled uh enterprise imaging platform, right? And so, all this happening, the reason why this is a good thing is that we're heading in the right direction is because sure, aside from exits becoming more of a thing, you had Lena Khan who's the head of the FTX stepping down, she was really big on like anti trust and everything and so like M&A, IPO markets sucked the last few years. So now all this stuff is happening, it also introduces a lot of access to capital for startups. So they don't have to just go to traditional venture capital, they can go to private investors, they can go get a corporate investment arm, right? Because now there's sort of a much better uh time horizon and path multiple pathways for these companies to essentially either go IPO or get acquired or get acquired beforehand, right? Versus before like it was just really, really tough. and we have an environment like that where you know, your only uh path to exit is an acquisition that might take like seven to 10 years, like a lot of investors don't want to sign up for that, right? What about from a cybersecurity perspective? I know it's like a subsector of the state of Medtech. Do you think the state of Medtech uh in cybersecurity is improving at all or we getting worse? Yeah, no, I think it's improving. So like, so here's here's here's how I look at it. So, in in a I'll give you a little bit of historical context. So historically, you go back like 15, 20, 30 years ago even, um you can come up with a company that was going to have some like incremental improvement. like let's use Spine as a great example. so many different spine companies. they have like tiny incremental improvements on like one area, right? But then, you know, you can do that and you can go and sell your company to like somebody you know, it'll buy it, you know, you know, a few hundred thousand, ten million dollars, you just do this over and over again. Well now, you can't just do that anymore because now in order to attract capital, like you have to have like a pretty meaningful product that's going to make a meaningful difference and dent in the market place. And with that being introduced now, especially the last few years, everybody's trying to do some version of like AI enabled something. And if not AI enabled, like you have to have some digital aspect to it or data enabled. There's plenty of companies out there that make amazing medical device products that are going to get funded that are like dumb products. They're not digital or anything. But the vast majority of them need to have some kind of approach where it's like, hey, like, we're going to have this data play, right? Or this digital capacity and everything. So, in that introduces a lot of risk, right? And the only way to de-risk that is to have like a much better approach to the regulatory aspect, which is why cybersecurity has become so important. So, I was very interested in in engaging you guys because it used to not be the most important thing, but the last few years, it's extremely important. And I think that when companies are looking to get acquired, you want to de-risk from day one all these different aspects. So, you want to de-risk so like what Marketcraft does, we help companies like positioning themselves from a messaging and a, you know, a commercial standpoint. So you de-risk your your chances so way when you have to go to market or you talk to a strategic, you're able to show like yeah, we actually have like a very active clinical pipeline. We have commercial traction, all these different things, right? You don't want to just wait to your commercial launch to do that. same thing on the regulatory side, like if a strategic buyer is looking to acquire you, but then they see that there's all kinds of cyber security risks and issues like they're not going to touch that because the last thing they want to do is acquire a company that didn't do things uh at least to a certain standard on the cyber security site. and then, you know, they acquire this asset and then I don't know, they get a a warning letter from the FDA. Like that's not what they want happening. Yeah, well they typically don't get approved or not approved but cleared by the FDA is what we've noticed. They kind of forget about cyber security. What do you think Trevor about the industry in cyber security? And we we obviously have a very biased lens because we look at only medical device cyber security. No, but yeah, I'm wondering like from your guys's perspective, like how like risk wise, like kind of, you know, you you came on my show and talked about it, but walk us through like, okay, like what happens when you have a huge, you know, you you don't de-risk things, de-risk things on the cyber security. Like what's the ripple effect of that? Well, I think one big example which translates really well to this whole AI boom, you're mentioning, you know, everyone is AI something, digital something, which, you know, is because of the new technology and people are trying to map the application of the technology to specific use cases, but it's also in many cases a marketing push trying to drive more funding. And this happened similarly around 2008 with the push of medical mobile applications, right before those got regulated. Once everyone started using a smartphone, and the FDA started having to clamp down on manufacturers use of mobile apps within a medical device because it was the wild west, you could do whatever you want, you could process any data on them with no control. Uh and people were putting mobile apps on everything, largely as a marketing play in a lot of cases. We're seeing a similar situation where I think the regulators have learned a bit from their mistakes, they're being proactive with this. We saw the second AI started becoming prevalent in devices, the FDA pushed out draft AI cybersecurity and effective use guidance. Um now, this isn't to say that these are actively enforced. It's still a little bit of the wild west with AI, but I do think as a whole, cybersecurity is becoming a little bit more mature. I think it'll always be a bit of a gap since it tends to evolve faster than regulations can keep up with, but we're getting better. We're getting better in general. And just looking at the downstream, you mentioned strategies not wanting to get involved with startups that may not address their cyber security, but even stepping past that, we're seeing that the health care delivery organizations are concerned about cyber security practices even down to insurance being concerned about cyber security practices since there is such a high amount of liability that the hospital can take on if they are using a device that they have not proved as secure or even for home use, the manufacturer is taking on such a massive amount of liability if that device gets hacked. Uh it's becoming a really prevalent relevant concern all the way left in the design process and then in that go to market strategy understanding how to get through some of these problems in the first place. I got I got an interesting cybersecurity question for you guys is that, what's an example of some medical devices that you would not like the average person or average like Mettech professional wouldn't think it needs cyber security uh a cybersecurity strategy for, but it actually does. So like something that's AI enabled, heavy on data. That's those are the kind of obvious ones. Where are some ones that are like not so obvious? You know the, like the continuous glucose monitor patches, like the little Dexcom patches, things like that. Those are considered cyber devices. They're passing data transfers to another system that you don't control, to a mobile phone usually. Um but even just those little stickers. You were talking about iRhythm earlier, it's a similar use case where there's just a small sticker running a little bit of embedded code or, you know, something on a microcontroller, put it in there, but that's processing data, that's processing information. A really interesting one too that we can talk about is per the FDA's definition, magnetic coils such as the ones used in your passport or the ones used in credit cards. If you have those enabled on a medical device and you are running validated software that could be vulnerable to some type of attack that is considered a cyber device. So, something that can read in a credit card, but it has no data interface, does not process any health information, does not make any treatment. That is considered a cyber device? Well, as long as it's used within the medical context, but yeah, I always think that magnetic coil example is one of the biggest gotcha the FDA has out there. Well, like the drug infusion pump example, Yeah, the drug infusion pump example. Because I I've visited many I I I visited my cousin like a year ago in the hospital. And from a, you know, being a hacker, or used to be a hacker, you have all these devices, like I think there's an average of like 14 medical devices per hospital bed. And they've all got these USB ports, they've all running Bluetooth. And, uh, I think some of those were actually vulnerable devices. I didn't test. Uh, I know my, um, wife's, uh, father-in-law, he has a defibrillator, and I, I tested to see if I connect to it via Bluetooth. Um, I was scanning for it, but I couldn't. It might be using Mad Radio or something. Um, but it's always for me it's kind of scary. Like, what if I actually connected to his defibrillator and pressed the, you know, was able to do something. I could shock him or something. Interesting, I did not realize that. Wow. Well, the drug infusion pumps those have those, there's a famous hacker that was able to prove that those were compromiseable in a way where he could kill a patient by increasing the flow rate of a drug such as morphine. Uh, that makes sense. So you're the patient with OD, yeah. Like what okay, give me the like really nefarious bad like if you're a hacker and you got access to somebody's like uh CGM uh data, like what like what could they possibly do? What they could do and what actually happens are a little bit of different stories. So generally hackers look for the lowest hanging fruit, they're in it to make money. Whatever is the most vulnerable device with the most sensitive information. Boom, grab it, take it and run. With a CGM, uh and this is a more targeted scenario and it is still a potential risk, but just to add some context on, you know, this isn't a normal use case. Someone can read in, if they can compromise any device, you can usually manipulate what that device says. And so, a CGM, if it's outside the body generally going to communicate over Bluetooth or often times over NFC similar to a credit card. Hmm. And if you're picking up that information and you can control that CGM, you can control what that information says. You can create your own glucose readings to say whatever you want. Hmm. And especially when, you know, diabetics generally rely on insulin and insulin needs to be very carefully dose since it's not great for you to have too much or too little and if you have it when you're not diabetic, there could be a slew of problems that come in there. So you can modify the results of a CGM where your insulin dosage or your treatment therapy, your treatment plan from your health care provider is altered as a result of those readings to introduce risk to yourself. Well, that's a good point because I think there's a lot of new developments in technology with like a single drop of blood, they can make some predictions on diseases you'll have, and I'm pretty sure insurance companies are going to use this to their advantage. because I had I mean I had to get life insurance. I I I just switched over to life insurance. I had to get this physical and do all this stuff. And they took my blood, but now they can do more tests against my blood to predict if I'm going to end up with some kind of disease. So it's I don't know, it's like it's like you said, it's a great area but I have a feeling like if you're predisposed to anything, you're probably not going to be able to get insurance more. That may not be a bad thing to an extent. So here, here's what I'm seeing and this is again like early data point on this, but like I was checking things out on X and a lot of people are posting about this where essentially um this guy, it started with this guy who's like, you know, young entrepreneur, he's in good good health, same with his family. It's a family of four and his thing was like, you know, for he's paying, I don't know, 20 grand or 30 grand a year on health insurance and then for him to meet his premium, they're going to have to have like something crazy like 20 grand and billings. And his thing is like, I don't know in what world we'll ever hit that minus like let's say a severe hospitalization. And so a lot of people I think are looking to just get maybe some version of like accidental insurance or something something that's going to just protect you like if you have a serious hospitalization, but then other than that just go cash pay for everything. Like I've been talking to people that I know who you know, make really good money and they do cash pay. I was talking to a founder who a client of our of our and Mart craft and you know, he's ensured, he has a spouse that's uh that's a uh uh a medical doctor and he pays cash for his imaging and breakthrough because it's just cheaper that way. You know, so I think like the insurance like the insurance setup that we currently have in this country just we can't continue going on and like part a lot of our insurance is essentially subsidizing like old people uh care for old people. like it's just I don't think we can fix that. That's a problem. Oh, of course, yeah, totally. No, totally. And I that's part of the thing that I'm trying to do with my show is to bring more awareness to mech and like attract like the right mindset, you know, to look, like we we have a talent problem in mech. So we have a capita capital problem is one, but I think that's going to resolve itself because healthcare is like there's there's a ziggs happening where everybody comes everybody's becoming more and more interested in their health and health care. So that's going to have like a a trichle-down effect. It's a mettech, biotech, all these different areas. Right. We also have a talent issue, the smartest people in the valley, Trevor's in the valley. Smart people are not going into mete. They're going into like crypto projects, they're going into social media attack. And so we need to do a better job as an industry, marketing ourselves, not only that you can do really cool stuff in this industry, but you can make a cuz you can make a lot of money. You know, there's a reason why on my show, I go out of my way to promote the hell out of somebody like Ray Kohn who's made like boatloads of money, right? But also in the in the at the same time has had tremendous impact on patients. You know, you can have you can do both those things, you know? So,