Intro

Paying customers is the only proof you have that you created wealth.

If you want wealth, and people aren’t using your products and services maybe it’s not because you suck at sales and marketing.

Maybe it’s because you haven’t made what they want.

What people want in a $700BN business.

I like MedTech. Not because of the size of the industry but because of the people building incredible products.

I’ve worked on dozens of MedTech cyber and privacy projects in over 70+ clinical trials and 5 FDA approvals.

I viscerally understand the physical, mental and financial stamina you need to develop a product and get regulatory approval.

And after the marathon of R&D and regulatory approval, you go to market and sell to healthcare providers.

Hospital systems are regulated, conservative, complex, highly political, and price-stressed with many stakeholders.

But beneath the complexity, the incentives are surprisingly similar for MedTech vendors and Healthcare providers:

MedTech vendors want to:

• Capture value for their shareholders

• Reduce their sales cycle times

• Defend their pricing

Healthcare providers want to:

• Improve clinical outcomes and operational efficiency

• Reduce operational and ransomware risk

• Defend their network

Both want the same thing:

Invest as little as possible in cybersecurity and privacy — and reduce risk to a minimum.

That’s where the system breaks down.

Why compliance doesn’t work

They don’t answer the only question that counts:

Which attacks actually threaten the business and how much business risk do they create for the hospital in dollar terms.

Boards, CISOs, RA/QA teams, engineering, and procurement all operate in different languages.

But everyone understands dollars and cents.

What I’m building

I’m working on an AI system called OpenCRO for hospitals and MedTech vendors.

Its job is simple to state and hard to do:

Compute prioritized, cost-effective security countermeasures for MedTech vendors and their healthcare customers.

• Not security theater.

• Not generic checklists.

A 2-sided platform for hospitals and vendors that:

• Analyzes attack scenarios

• Prices risk in financial terms

• Computes prioritized, cost-effective countermeasure plans

• Aligns with FDA 524B lifecycle requirements

• Aligns with local, national and international privacy and security requirements.

Quantitative threat modeling frameworks that compute risk in dollar terms are not new. The discipline is proven.

Fifteen years ago, we built PTA — Practical Threat Analysis, a desktop tool used by thousands of analysts across cyber and privacy projects. OpenCRO is the AI-native rebuild: cloud-based, agent-driven, capable of parsing device architectures, data schemas, regulatory context, and stakeholder constraints automatically.

Agentic AI automation is new.

A platform that puts suppliers and customers on the same security page is new in the $700BN MedTech industry.

What I’m learning these days

I’m talking to people across the ecosystem — MedTech, hospitals, CISOs, RA/QA, procurement, regulators.

I’m testing two hypotheses here:

1. Are hospitals my primary buyer because they need vendor supply chain risk management?

2. Are MedTech vendors the primary buyer because they need to accelerate procurement?

And it sort of feels like a chicken and the egg problem, common to network effect platforms.

From your perspective, what’s the biggest thing that slows down or blocks MedTech sales today?

Email me with your perspective and I’ll share what I’m seeing across the market.

This week on Life Sciences Today

My guest this week was Philip Poulidis, CEO of Odaia AI in Toronto.

Odaia AI is a real-time AI platform for pharma commercial teams (sales reps, MSLs, marketers).

Spun out of University of Toronto and University of Lausanne research in 2018, Odaia ingests disparate data (prescriptions, claims, market access, digital engagement) and, via its Sherpa engine, automates cleaning, labeling, and feature creation—no customer data warehouse needed. The platform builds patient- and HCP-centric profiles and delivers real-time targeting and next-best-action guidance, replacing crude decile rankings with dynamic, context-aware insights. It orchestrates true omnichannel engagement (field + digital) to avoid oversaturating HCPs and is sold on a per-brand, per-indication basis with unlimited seats and data, encouraging broad adoption and a data flywheel. Odaia measures impact via adherence to its recommendations and Rx lift across therapeutic areas including immunology, respiratory, neurology, oncology, and rare disease, integrating seamlessly with Veeva, Salesforce, and data partners like IQVIA.

Visit Odaia here

You can see the episode here - Real-time pharma insights

About me

I’m a writer, ex-pharmatech founder, father of 4.

I’ve been building in tech, cyber, privacy, and clinical data for 25+ years across Israeli medical device startups, Verily, Amgen, and the Fortune 1 company. I work at the intersection of engineering, security and privacy risk and clinical data.

If you love my writing — share it

Share

If you want more like this — subscribe to Clear Thinking