Episode 70 · May 14, 2026 · 42m listen · 4,703 words · ~24 min read

Why MedTech Needs Specialists with Zoltan Kevei and Saby Toth of Bishop & Co | 70 - Full Transcript | The Med Device Cyber Podcast

Read the complete, searchable transcript of Episode 70 of The Med Device Cyber Podcast - expert conversations on medical device cybersecurity, FDA premarket and postmarket guidance, SBOM management, threat modeling, and penetration testing.

Prefer the listening experience? Open the episode page for the synopsis, key takeaways, topics, and Apple / YouTube listen links.

Episode summary

In this episode of the Med Device Cyber Podcast, host Christian Espinosa is joined by Zoltan Kevei, Founder and CEO, and Szabolcs Tóth, a Regulatory and Quality Expert, from Bishop & Co., a Hungarian software and regulatory consultancy specializing in the MedTech industry. The discussion revolves around the complex and evolving landscape of bringing medical software and devices to market, comparing the regulatory environments of the European Union and the United States, and exploring the role of emerging technologies like Artificial Intelligence (AI) in software development. The guests begin by addressing a major strategic shift in the MedTech industry. Historically, the EU was considered the easier and faster entry point for new medical devices. However, with the implementation of the new, more stringent EU Medical Device Regulation (MDR) and In Vitro Diagnostic Regulation (IVDR), this has changed dramatically. Tóth explains that these new regulations have created a significant bottleneck, drastically reducing the number of Notified Bodies available for certification and extending approval timelines to anywhere from 9-13 months, sometimes even up to two years. This has led many innovators to pivot their strategy, targeting the more stable and predictable US FDA approval process first, despite the US being a larger and historically more challenging market. They emphasize that navigating this landscape requires deep, specialized expertise, framing the process with the adage, “it takes a village” to successfully bring a product to market. A significant portion of the conversation focuses on the integration and impact of AI in software engineering. Both guests offer cautionary perspectives, arguing that while AI is a powerful tool, it is not a substitute for human expertise. Tóth uses the compelling analogy of a power drill: it is an excellent tool that makes a carpenter more efficient, but it does not make a novice into a carpenter. Similarly, AI can augment the work of experienced engineers but can lead to significant problems if relied upon without expert oversight. Kevei warns that teams relying too heavily on AI can be led "into the deep forest," producing inefficient or flawed code that costs a great deal of time and money to fix. This underscores the critical importance of keeping a seasoned human expert in the loop to guide development and validate AI-generated work. They also touch on the trend of companies using "AI" as a buzzword to attract investors, which can unnecessarily complicate regulatory pathways and add scrutiny to projects where a simpler, deterministic algorithm would have sufficed. The consensus is that innovators must be diligent and strategic, engaging specialized partners early to manage risk, ensure quality, and navigate the complex journey from concept to market.

Key takeaways from this episode

The regulatory landscape has shifted, with the new EU MDR/IVDR creating bottlenecks. Many MedTech companies now prioritize entering the more stable US market first, a reversal from previous strategies.
Artificial Intelligence (AI) is a powerful tool for software development but should not be seen as a replacement for human expertise. It's like a power drill for a carpenter—it enhances efficiency but doesn't create the skill.
Over-reliance on AI without experienced human oversight can lead to costly mistakes, inefficient code, and significant rework. Keeping an expert in the loop is essential for validation and quality control.
Bringing a MedTech product to market successfully 'takes a village.' Innovators must collaborate with a team of specialized experts in regulatory affairs, software engineering, and cybersecurity from the project's outset.
Treating crucial areas like regulatory compliance and cybersecurity as an afterthought is a common but expensive mistake, often leading to major delays and increased costs late in the development cycle.
The use of "AI" has become a buzzword to attract investors. Companies should be cautious about adding this label, as it can introduce unnecessary regulatory complexity where a simpler algorithm might be more appropriate.
The MedTech industry requires specialized knowledge. Generalist software developers or regulatory consultants with a hardware focus may not have the nuanced understanding needed for medical software, leading to potential compliance and safety issues.

Full episode transcript

Christian: There's a statistic that on average it takes a medical device manufacturer seven years and 35 million dollars to bring a product to market. Szabolcs: Europe was the first go-to place to enter. Now, since the EU MDR, IVDR came in, it kind of changed around. Christian: Sounds like a lot of people have shifted their strategy to get to the US market first. Zoltan: whole teams are driven into the deep forest by the AI, so it can cost you a lot if you rely too much on these technologies and you are not trying to use your years of experience. Szabolcs: AI is a very good power tool for experts. The way I see AI is the way I see the power drills. It's not going to make you a carpenter. Christian: I think it's interesting that we're seeing more specialists because it is very different than the traditional hardware. Christian: Hi, welcome back to another episode of the Med Device Cyber Podcast. I'm your host, Christian Espinosa. Today we have a couple guests from Bishop and Company. They're coming to us all the way from Hungary. I'm not sure what town of Hungary. I've only been to Hungary once, when I backpacked around Europe. I went to Budapest. So we got uh Zoli and Sabi. And maybe you could give a little bit of background about yourself. I know you do software engineering and regulatory strategy in the EU and some in the US. And we've got a pretty awesome conversation planned today. So maybe you could start off by introducing um your organization and a little bit about both of you. Zoltan: Uh so first of all, we're not in, we're not located in Budapest. Actually, we are located in different cities. Szabi is in Győr. Myself and majority of the team are, we are located in Szeged, south part of Hungary. So yeah, Bishop and Co. Bishop and Co is a software software outsourcing studio or software outsourcing consultancy. And uh, we're mainly focusing on on on, yeah, probably from end-to-end solutions in in software engineering. From regulatory and from even business analysis to to deliver a an end product. Uh, and actually what, what I'm rather responsible for the software engineering part, and Szabi is mainly responsible for the regulatory part. So that's why we are both of us are here together. Um, Szabi. Szabolcs: Hi, my name is Szabi. And uh, you know, I've been working in this industry for almost 15 years now, uh, mainly focusing on the regulatory and the quality aspect of uh medical devices, and mainly specialized on medical software. So that's I would say like a little bit of niche around my expertise. And uh, I think it's a pretty exciting industry to work in because, you know, as you know, you know, there is a growing medical device industry nowadays, especially in the software side. And I think there is like a special need because of the nature of software. So, and it's constantly growing and it's, you know, it's a never ending, you know, learning curve, you know, for everyone, um, you know, including both uh us and even the regulators so, so I think it's a pretty exciting area. Christian: Awesome. I had to look up uh where I think he said Szeged, right? It's on the very, it's on the border, right, right by the border there of uh, looks like you're bordering uh, Serbia and uh, Romania. pretty close to both of them, It's right kind of in a triangle there. Zoltan: Yes, that's where I am located. And Szabi is closer to Slovakian and Austrian border. So we're like three Oh, okay. Christian: So you got the, you got the op, you got the north, you got the opposite directions of the country covered. Szabolcs: Yeah. Zoltan: Yeah. Zoli’s located in the southeast corner. I'm located in the northwest corner of the country. Christian: Right. Awesome. Zoltan: But it's not a big country, mind you. Christian: Yeah! Yeah, I just did the Euro Pass in Europe back uh, after college, you could buy like a 30-day pass for the train, the European train, and just kind of travel around wherever the train went uh for 30 days and then you had to buy a new pass. So that's, that's what I did. And uh I, I only went to Budapest, I don't, I didn't check out anywhere else. But uh, it was awesome. Szabolcs: Next time you come around, you let us know and then we show you some other parts as well. Christian: Yeah, I, I kind of like going to just like, the bigger cities are all kind of the same across Europe and across the world. I think the smaller cities have more of a, like a cultural sense to it, and just a little nicer as well, a little cleaner and not as dirty and all that.

1 / 6