    Episode 018 · April 22, 2025 · 33m listen

    Cybersecurity Challenges & Trends in US MedTech with Paul-Lukas Hoffschmidt | Ep. 17

    Paul-Lukas Hoffschmidt
    Co-founder
    Alpha Sophia

    Episode Summary

    This episode of The Med Device Cyber Podcast features Paul-Lukas Hoffschmidt from Alpha Sophia, who discusses the commercialization challenges and trends in the US MedTech market, with co-host Trevor and host Christian Espinosa. The conversation highlights the increasing importance of the US healthcare market, particularly for European health tech startups. A significant trend identified is the rise of digital health solutions, including AI and software-based medical devices, and combination products. The discussion also touches upon emerging MedTech hubs in the Middle East. A key focus of the episode is the recurring issue of medical device manufacturers delaying cybersecurity considerations until weeks before FDA or MDR submission, leading to costly delays and redesigns. The experts emphasize the importance of baking cybersecurity into the product from the early requirements phase, aligning with FDA guidance. They also delve into the growing awareness among medical device buyers regarding cybersecurity risks and interoperability, often demanding more comprehensive security assurances than regulatory bodies. The episode concludes with advice for MedTech innovators, stressing the long journey of product development and the need to address all potential challenges, including cybersecurity and market fit, as early as possible to avoid expensive retrofits and build trust. This includes developing an omni-channel strategy for market penetration and considering the product's total addressable market.

    Key Takeaways

    • 01 The US healthcare market is increasingly important for MedTech startups, especially those from Europe, due to its size and slower regulatory processes elsewhere.
    • 02 There is a growing trend towards digital health solutions, including AI and software-based medical devices, and combination products comprising both hardware and software.
    • 03 Many medical device manufacturers delay cybersecurity considerations until weeks before regulatory submission, resulting in costly delays and product redesigns due to discovered vulnerabilities.
    • 04 Cybersecurity should be integrated as a non-functional requirement from the earliest stages of product development, aligning with FDA and MDR guidance.
    • 05 Medical device buyers are becoming more aware of cybersecurity risks and interoperability, often requesting more comprehensive security documentation and testing than what is strictly required by regulatory bodies.
    • 06 The journey for MedTech innovators is lengthy, often taking six to eight years, and requires early consideration of all challenges, including cybersecurity, regulatory compliance, and market strategy, to avoid expensive delays and build trust.

    Frequently Asked Questions

    Quick answers drawn from this episode.

    • This episode covers FDA Premarket Cybersecurity. It's part of The Med Device Cyber Podcast, hosted by Blue Goat Cyber, focused on practical medical device cybersecurity guidance for MedTech teams.

    • A significant trend identified is the rise of digital health solutions, including AI and software-based medical devices, and combination products. It's most useful for medical device manufacturers, cybersecurity engineers, regulatory affairs professionals, and MedTech founders preparing for FDA review.

    Hi, welcome back to another episode of The Med Device Cyber Podcast. I'm Christian Espinosa, the founder of Blue Goat Cyber. I'm here with Paul, our guest, and Trevor, our co-host. Paul is from Alpha Sophia. Paul, would you tell us what Alpha Sophia does and how you fit into the MedTech space?

    Yeah, sure. First of all, Christian, thanks a lot for having me on the pod today. It's a great pleasure spending the next minutes, the hour, chatting with you about the MedTech space, about cybersecurity, and how MedTech startups best launch in that environment. With Alpha Sophia, we've built what we call a commercial intelligence platform for the US healthcare market. That means we've basically built a platform that helps medical device companies, but also digital health companies and all other life sciences companies—basically anyone who tries to engage with healthcare providers in the US—to launch their products to market, find the right physicians, practices, hospitals, and so on to market to for their specific products and use cases they are offering with their products.

    Okay, awesome. Given your experience with these startups trying to find the right audience, what trends are you seeing in MedTech and with people launching their new products?

    Yeah, I mean, there are a few trends. First of all, I think the US healthcare market is getting more and more important; it has always been the largest healthcare market in the world, but that trend is continuing to go on. Especially with regulatory processes in Europe, for example, being a bit slower at the moment, which leads to many MedTech startups, but also digital health startups and so on in Europe to look to the US market first and first launch on the US market. And then, secondly, I think another big trend is that besides traditional MedTech with physical devices, the share of companies who either have a fully digital solution—maybe I don't know, also maybe an AI or software-based solution—or companies who have a mixture of both where it's a physical device coupled with software and so on, is steadily increasing. And that's probably also something you are seeing in your work when it comes to helping those companies make sure that from a cybersecurity perspective, every check box is marked. I don't know whether you see a similar trend.

    What do you think, Trevor? Do we see more devices that are a combination of hardware and software or more that are just software now?

    I think it's a pretty solid mix, but what's becoming more uncommon is just pure hardware. It seems like there's always going to be some digital component or a cloud component attached, whether it's only the cloud component or a combination of the two.

    I do agree. And so you're saying, Paul, that the US is one of the bigger markets. I know Trevor and I have some discussions, and I think the Middle East is going to become a bigger market, and then maybe even China. What are your thoughts on that?

    Yeah, first of all, I mean, traditionally, the US is at least 40% of the global healthcare market, and then probably from a value capture perspective, it's even more because average margins in the US are higher compared to other places in the world.

    We have the most health issues in the US too, probably, so that might be a contributing factor. The most health problems and the most expensive healthcare.

    Exactly. But that being said, you're totally right. Especially like the Middle East is really ramping up. I think a few weeks ago, Arab Health in Dubai was, I think, one of the largest trade shows in the space that was ever held. And you also see countries there and the country governments heavily investing into healthcare. And then, of course, I think what is quite favorable for those environments, especially in the Middle East, is that they often adapt methodologies and regulatory pathways from the US. For example, the American Medical Association terminology is also being used widely in the Middle East. So, it's quite easy, comparatively, for companies who are used to the US healthcare market, but then also launch products in the Middle East, for example.

    Yeah, I saw a lot of posts about Arab Health. We missed that one. We'll be at MedTech World in Dubai in a couple of weeks, though. So, a little bit smaller event, but next year we'll be sure to hit Arab Health. I know Trevor has some connections in Saudi Arabia. We're trying to get into that market over there, as well as UAE and Qatar. I think those are a few areas that are kind of like, it's like the race to see who can be the MedTech hub of the Middle East, I feel like over there.

    Yeah. What's your impression? Are those countries predominantly a healthcare market in terms of a buyer of medical devices or medical software solutions, or are there also, is there also innovation from a manufacturing point happening in those countries?

    Yeah, when I was in Dubai last, I did this tour where they had the Sheikh's vision of the future, and they are really trying to make a lot of innovations in healthcare. So, I feel like they want to become the manufacturer as well as the buyer, kind of both, really.

    Yeah. What? I know you primarily help the organizations get their product in the right hands and the right audience, but what are some of the biggest hurdles these startups have? We know what the hurdles are from cybersecurity, but you know, when they get the device cleared by the FDA or MDR, then what happens from your perspective? Like what are the hurdles that they have?

    Yeah. So we usually start engaging with our customers usually one or two years before they reach the final FDA approval at the earliest, or when they already have launched products to market and want to further accelerate growth, or have an established product line on the market and want to open up further potential customer cohorts. So we are, from a stage perspective, we are a bit later than you usually engage with your customers, which is to my understanding, rather in the early R&D phase or later R&D phase where you help them with cybersecurity issues and making sure everything is in compliance. I think the biggest issue for any manufacturer of medical products still is, first of all, how do you find the right potential customers, the right physicians, practices, hospitals, and so on to talk to? And then, secondly, how do you get the attention of those busy doctors, where doctors are super busy? You might get, I mean, there's this traditional saying of maybe catching them at the operating room sink for a few minutes, and then you have like two, three minutes to make your point, and that's getting harder and harder. So, you need to be more creative when it comes to building what we call an omni-channel strategy of approaching or nurturing those potential customers over time to warm them up for the products and services you're selling, and then to eventually convert them into customers. And the best thing to do is basically, don't think there is a silver bullet out there, but you need to find, first of all, the really specific right customer for you so that you're not spending any resources on potential targets who will never convert because they can't use your product or are not a good fit, don't have the patients to treat with your product, and so on. And then, secondly, also find providers who are actually open to new innovative solutions and are open to adopting them. And then, thirdly, it's not going to go in a way that you send out one cold email or do one cold call or do one sample drop at the practice and then suddenly they convert into customers. But it's more like you need a 360-degree strategy where you create content and reach out and nurture those potential customers with your content. You need to be on multiple platforms. You, of course, need to go to conventions and maybe meet them in person. You need to eventually visit them also and show them your solution to build trust, but at the same time also build up an audience for your company and the products you're selling, for example, on LinkedIn or other social media platforms to create multiple touch points with your potential customers.

    Yeah, it's interesting. So you start working with your clients, you said, a couple of years, one or two years, before their devices are on the market at the earliest?

    Yeah.

    Yeah. With us, manufacturers typically come to us within like six weeks or eight weeks before they're trying to submit to the FDA or the MDR. It's like they kind of totally forget about cybersecurity until the regulatory authority person says,
