    Episode 57 · February 5, 2026 · 41m listen · 1,696 words · ~8 min read

    What 15 Years In MedTech Taught This CEO About Cybersecurity with Marc Zemel | Ep. 56 - Full Transcript | The Med Device Cyber Podcast

    Read the complete, searchable transcript of Episode 57 of The Med Device Cyber Podcast - expert conversations on medical device cybersecurity, FDA premarket and postmarket guidance, SBOM management, threat modeling, and penetration testing.


    Episode summary

    In this episode of The Med Device Cyber Podcast, Marc Zemel, co-founder and CEO of Rhae Medical, shares insights from his 15 years in MedTech, transitioning from a mechanical engineer at MIT to leading a medical device company. He discusses the evolution of medical technology, from bulky ECG leads to compact smartphone-integrated devices, and introduces Rhae Medical's Argos Infinity, an advanced hemodynamic monitoring platform. Zemel emphasizes the critical importance of embedding cybersecurity into the culture of medical device development from the outset, highlighting the pitfalls of a "move fast and break things" mentality in a field where patient safety is paramount. The discussion covers the significant challenges medical device manufacturers face with FDA submissions due to inadequate cybersecurity preparedness, noting that cybersecurity is the number one reason for FDA rejections. Zemel advocates for a proactive approach to cybersecurity, emphasizing robust architecture, penetration testing, and continuous validation. The conversation also delves into the future of wearables, raising concerns about their current unregulated status, data privacy, and the potential for these devices to evolve into "clinical grade" tools, necessitating stricter regulations and validation standards.

    Key takeaways from this episode

    • Rhae Medical's Argos Infinity platform demonstrates the evolution of medical technology from invasive procedures to data-driven, non-invasive patient monitoring, offering an early warning system for cardiovascular issues.
    • Cybersecurity must be integrated into the medical device development culture from the start, as a reactive approach leads to significant delays and regulatory hurdles.
    • The FDA increasingly scrutinizes cybersecurity, with inadequate preparedness being the primary cause of medical device submission rejections, underscoring the need for comprehensive documentation and testing.
    • Unlike consumer tech, medical device development requires meticulous validation and a departure from the 'move fast and break things' ethos due to direct patient safety implications.
    • The future of wearables in healthcare necessitates a reevaluation of current regulations, data privacy, and validation standards to ensure their safe and effective integration into clinical practice.
    • Medical device manufacturers must prioritize robust cybersecurity architecture and penetration testing to gain trust from hospital IT departments and ensure timely product adoption.

    Full episode transcript

    I remember being nine or 10 years old, I think, with all of these ECG leads running all over the place, connected to me 24/7, even for months after surgery. And now we've had some companies come through our door where it's just a little app you get on your phone, and then one tiny ECG lead, and that's it. And it sounds like you guys are a key example of that. It's sort of the old story of a necessity is the mother of invention. We develop algorithms for detecting changes in cardiovascular status; we deploy them in standalone monitors. It is our new product called Argos Infinity. Often, we will detect problems before the blood pressure drops. We took a long look at the protections that we needed to ensure that we had proper cybersecurity because there's no going back. I've had scenarios where people were in the O, and we saw a change before they saw blood pooling in the surgical field, where seconds mattered, and they had to initiate a mass transfusion protocol to bring the person back to life. Frankly, if somebody's getting in there and they're monkeying with your system and then giving you the wrong information because they found a backdoor or whatever, your reputation is gone. Cybersecurity is the number one reason that medical devices are getting kicked back. Hello there and welcome back to another episode of The Med Device Cyber Podcast. Your usual hosts, myself, Trevor Slattery, and Christian Espinosa, are here, as well as a very special guest that we have today, Marc Zemel. What we're going to talk about are some of the challenges that MedTech innovators and startups and manufacturers may face while moving into their cybersecurity journey and moving towards their submission pathway. Before we dive in too deep, I'll check in with everyone and see how everyone's doing today. I'll start with you, Christian. How are you doing? I'm doing well. I just got back from Kenya, so about 40 hours of travel. I was a little bit jet-lagged. 
I got a little sunburned in Kenya, where I was staying at altitude. It's about 6,000 feet high. So I hung out in the plunge pool for about 15 minutes, and I guess because of the altitude and the sun bounced off the water, I got a little sunburn. Plus, you're driving around in these little vehicles all day in the wind, looking for the rhino and all the animals, so that was fun. A sunburn in December is never a bad thing. Yeah. And plus, I got, I still wear these glasses. I don't like the way they look on video though. But I've gotten used to wearing these like blue blocker glasses, whatever, even though they don't look so cool. There you go. And how about yourself? How are you doing today, Marc? I'm doing great. We just almost wrapped up 2025, way ahead of plan, which was awesome. And looking forward to kicking off 2026 and continued growth for our Rhae Medical. Awesome. And where are you calling in from today? Yeah, we're based in White Plains, New York, just north of New York City. Trevor was just up in the area recently, weren't you, Trevor? Yeah, I was out in New York for a couple of days and then up in Toronto. I actually just got back, I think, day before yesterday. Nice. Nice. Well, let me know when you're in town. How far from Lake Placid is that? I've done the Lake Placid Iron Man. Placid is all the way north. Oh, okay. It's several hours, like four or five hours north of us. Oh, wow. Okay. Yeah. I feel like New York's a bigger state than a lot of people realize. If you're not from New York, you think about the city, and then everything is just upstate until you get to like Ontario. Upstate is pretty far away though. It sounds like if you live in Manhattan, then where I am, which is Westchester County, is considered upstate, but it's really more like New York metro area. We're about half an hour to the Upper West Side. So, it's pretty funny. The strictest definition I ever heard is anything past 125th Street is upstate. Yeah. That sounds about right.
All right. Well, why don't you start by telling us a little bit about yourself and a little bit about what Rhae does? Sure. So, I am the co-founder and CEO of Rhae Medical. I actually trained as a mechanical engineer. I got my master's from MIT and then worked in the semiconductor capital equipment industry for about a decade. And then I decided to move into MedTech, so I went back, got an MBA at Yale, worked at Becton Dickinson for a few years, and then decided to start my own company, which I've been running now. In May, it'll be 15 years, Rhae Medical. I joke that we were two guys with slides. So, I licensed the technology, raised the capital, built the team, took us through FDA CER, and now we are sold in 18 countries. In the US, we're sold by Medtronic. We're in 75 hospitals. It's been quite a ride, and you know, a lot more to do.