Hi and welcome to the A16Z podcast. I'm Hannah. What we're talking about today is the

world of where bits and bites meet flesh and blood, the security of medical

devices. Many don't realize we even need to think about the possibility of security hacks

when it comes to things like pacemakers and insulin pumps and more. So what are the

issues and risks we need to be aware of in exposing security vulnerabilities in biomedical devices.

This conversation with Bo Woods, Cybersecurity Innovation Fellow with the Atlantic Council,

part of the I am the Cavalry Grassroots Security Initiative and founder and CEO of Stradigo Security and Andy Caravos, co-founder and CEO of Electro Labs,

advisor to the Biohacking Village at Defcon, both of whom were formerly EIRs at the FDA,

and myself, looks at how we begin to think about addressing these security issues in

the biomedical device space, the frameworks that should guide our

conversations and thinking, and how and when stakeholders should be incentivized to address

these challenges. We begin with stories of how some of the first security researchers discovered these issues,

but we also talk about how the FDA began to think about security as part of the safety of all medical devices,

including software as a medical device, and how we should think

about understanding, monitoring, and updating the security of these devices from philosophical

North Star's statements to on-the-ground practical fixes and updates.

I'd probably start the story around 2010-2011

when a security researcher and diabetic patient named Jay Radcliffe used an insulin pump to dose himself

whenever he needed to add insulin to his body. And he had a couple of incidents where just through potential misuse or through accident,

where he had some pretty severe potential for harm.

And because he was a security researcher, he started saying,

well, if this is what it could happen with accidents,

...