Cybersecurity Is Now a Sales Weapon
How medtech vendors win faster and charge more in 2026
Intro
Imagine you’re the CEO of a large hospital network.
You’re upgrading cath labs across 46 hospitals—a $100M decision.
Imagine you could acquire medtech and verify that its cybersecurity is optimized in 2 hours, eliminating weeks of back-and-forth questionnaires with hundreds of questions.
Would you pay a premium for lower ransomware risk and faster procurement?
Because every day that goes by in vendor evaluations is a day attackers will exploit.
I’m working on an AI to speed up medtech deals and raise prices - helping vendors close faster and charge more.
Now that I got your attention, let’s dig into it.
Like any good tech entrepreneur, I’ll start with the problem and some financial dimensions.
Healthcare IT loses the battle with ransomware
Ransomware against healthcare exploded in 2024 — attacks doubled, payouts hit records, and threat actors got bolder. In 2025, AI-driven intrusion, automated deployment, and a surge of active threat groups have pushed global damage toward $57B a year. Healthcare alone saw a 76% rise in targeted attacks.
Healthcare IT teams work harder and lose more battles.
Attackers are undeterred by regulation. They never are.
Attackers now use AI coding agents to scan for vulnerabilities, generate exploit code, steal data, rank it by extortion value, and auto-issue ransom demands. One individual ran 17 successful incidents this way.
Meanwhile, hospitals and medtech vendors rely on compliance checklists and BAAs that require disclosure — but not monitoring. Sophisticated hackers “live off the land”.
Effective cybersecurity is now a business requirement for medtech vendors and healthcare providers.
We need to aggressively reduce risk—and spend only where it measurably matters.
I’m building an agentic AI system to do this.
Full transparency: I’m not building this from scratch. We developed Practical Threat Analysis (PTA) 15 years ago and used it with 20+ Israeli medical device companies—including Biosense (J&J), EarlySense, and Dario Health. I also wrote WHO Europe’s cybersecurity and privacy guidance for digital health, which informs the regulatory framework here: GDPR + ISO 27701 for privacy, NIST CSF + SP 800-53/171 for technical implementation.
Medtech cybersecurity requires attacker discipline
If you want to turn cybersecurity into a GTM strategy, your first step is to think like an attacker. Construct your countermeasure plan like an AI-assisted ransomware attacker constructs her attack plan.
Then - weaponize it as a sales asset to get to a yes with your customer:
To get to a yes, you need to answer 3 questions for your customer in practical, financial terms.
1. How much value was at risk before you implemented a prioritized, cost-effective security countermeasure plan?
2. How much residual risk remains after implementing the plan?
3. Which prioritized, cost-effective security countermeasures did you implement to achieve this risk level?
The $57B ransomware problem is creating a $57B opportunity for medtech vendors who treat security as a go-to-market advantage. (Roughly 10% of the $570B global medtech market).
OpenCRO
PTA was a Windows desktop app using Access. OpenCRO is the AI-native rebuild—same discipline, cloud-based, with agents that can parse device schematics and data schemas.
The methodology is proven. What’s new is AI automation. The case study below shows preliminary results obtained from the calculative model of the new system, using data obfuscated from a real-world example: a quantitative threat model, analysis and optimization per FDA 524B guidance.
Below is what this looks like in practice: a quantified threat model for a cath lab device, mapping threats to prioritized, cost-effective countermeasures—exactly the structure FDA reviewers and hospital security teams expect.
OpenCRO Prioritized Cost-effective Countermeasure plan for minimizing VaR
Best-performing countermeasures first. Least-performing countermeasures last.
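The three questions above and a VaR-minimizing plan can be made concrete with a small model. The Python below is an added illustration, not OpenCRO’s or PTA’s code, and every threat, probability, damage, cost and mitigation fraction in it is a constructed assumption for a hypothetical cath lab device: it computes value at risk before, ranks countermeasures greedily by risk removed per dollar (best-performing first), and reports the residual risk and plan cost after.

```python
"""Simplified PTA-style quantitative threat model (added illustration, not OpenCRO's code).
Risk = annual probability * damage; countermeasures are adopted greedily, best risk
reduction per dollar first, while each still removes more risk than it costs."""
from dataclasses import dataclass

@dataclass
class Countermeasure:
    name: str
    cost: float                  # annual cost in dollars
    mitigates: dict[str, float]  # threat name -> fraction of remaining risk removed

def risk(threats, factors):
    """Annual value at risk; factors[name] is the share of that threat's risk still present."""
    return sum(p * d * factors[n] for n, (p, d) in threats.items())

def reduction(cm, threats, factors):
    """Annual risk (dollars) this countermeasure removes on top of what is already applied."""
    return sum(threats[n][0] * threats[n][1] * factors[n] * m for n, m in cm.mitigates.items())

def plan(threats, candidates):
    """Return (VaR before, VaR after, plan cost, ordered [(name, risk removed)])."""
    factors = {n: 1.0 for n in threats}
    before = risk(threats, factors)
    remaining, chosen, cost = list(candidates), [], 0.0
    while remaining:
        # Best-performing first: highest marginal risk reduction per dollar spent.
        best = max(remaining, key=lambda c: reduction(c, threats, factors) / c.cost)
        gain = reduction(best, threats, factors)
        if gain <= best.cost:  # everything left costs more than the risk it removes
            break
        for n, m in best.mitigates.items():
            factors[n] *= 1.0 - m  # mitigations on one threat compound multiplicatively
        chosen.append((best.name, gain))
        cost += best.cost
        remaining.remove(best)
    return before, risk(threats, factors), cost, chosen

# Constructed cath-lab example: threat -> (annual probability, damage in $). All assumptions.
THREATS = {"ransomware via unpatched OS": (0.30, 2_000_000),
           "default service-account credentials": (0.20, 1_000_000),
           "DICOM interface exposed on hospital LAN": (0.10, 500_000)}
CANDIDATES = [
    Countermeasure("endpoint detection agent", 150_000, {"ransomware via unpatched OS": 0.3}),
    Countermeasure("patch management", 40_000, {"ransomware via unpatched OS": 0.6}),
    Countermeasure("network segmentation", 60_000, {"ransomware via unpatched OS": 0.5, "DICOM interface exposed on hospital LAN": 0.8}),
    Countermeasure("remove default credentials", 5_000, {"default service-account credentials": 0.9}),
]
if __name__ == "__main__":
    before, after, cost, chosen = plan(THREATS, CANDIDATES)
    print(f"VaR before ${before:,.0f}, after ${after:,.0f}, plan cost ${cost:,.0f}; order: {[n for n, _ in chosen]}")
```

With these constructed inputs the endpoint agent, listed first, is never adopted: once the cheaper measures are in place it removes less risk than it costs, which is exactly the “least-performing last” cut-off line.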
Medtech. Move fast. Get more sales.
It turns out that this form of threat analysis thinking is precisely what FDA cyber reviewers are looking for.
And it’s also what your healthcare customers want to see.
Quantitative. Financial terms shift the sales process from features to effectiveness and the cost of sustaining your system.
Transparency. Creates common ground with the customer’s security team and room for discussion to go from No to Yes.
Effectiveness. Reduces the work your customer needs to do to evaluate your medtech and implement a solution.
Outro
I’m working on something new - an AI to compute prioritized, cost-effective security for medtech systems.
My hypothesis is that talking the language of money, being transparent and proving effectiveness is the best way to build and sell a premium product.
I have 5 early-adopter slots for Q1 2026. If you’re interested, email me.
Like Vanta for SOC 2—but for FDA medical devices.
That’s the wedge.
This week on Life Sciences Today
This week on Life Sciences Today, my guest was the brilliant Dr. Tiffany Callahan, Machine Learning Research Scientist at SandboxAQ.
Tiffany holds a PhD in Statistics from Columbia, where she focused on causal inference for medical data, followed by postdocs in biomedical informatics and agentic AI systems at IBM Research.
At SandboxAQ, she’s working on physics- and biophysics-grounded AI for drug discovery—models designed to be interpretable, mechanistic, and robust to messy real-world data. She helped launch SARE, one of the largest public datasets of co-folded protein–molecule structures, now available on Hugging Face.
We talk about why causal reasoning matters, how transparency becomes a competitive advantage, and what trustworthy AI really means in life sciences.
See the podcast here
About me
I’m a writer, ex-pharmatech founder, father of 4.
I’ve been building in tech, cyber, privacy, and clinical data for 25+ years across Israeli medical device startups, Verily, Amgen, and the Fortune 1 company. I work at the intersection of engineering, regulatory risk and clinical data — helping teams produce cost-effective, prioritized security countermeasure plans.
If you love my writing — share it
If you want more like this — subscribe to Clear Thinking