In this Tech for MedTech episode of Inside MedTech Innovation, I talk with Andrew Hendela, co-founder and CEO of Karambit.AI, a cybersecurity company focused on software behavior analysis, about how software updates are quietly redefining safety and risk in connected medical devices.
Andrew shares the real-world implications of software supply chain vulnerabilities, including insights from the SolarWinds cyberattack, and how traditional testing methods often fail to catch malicious changes. We dig into why static software bills of materials aren’t enough, and how observing behavior, not just ingredients, can reveal hidden risks.
We also explore what the FDA’s evolving regulatory stance means for MedTech teams deploying AI and software-driven features, and how Andrew’s work is making it possible to validate safety at speed. For developers, regulators, and clinical leaders, this episode sheds light on a critical, but often overlooked, pillar of digital health: ensuring that every software update is safe, explainable, and ready for patient-facing use.
00:00 Introduction and Overview
01:29 Meet the Expert: Andrew Hendela
02:30 The SolarWinds Attack and Its Implications
04:01 Challenges in Software Assurance
04:46 The Role of Software Bill of Materials
06:48 Andrew's Background and Career
09:07 Applying Cybersecurity to MedTech
12:56 Behavior Analysis in Software
19:00 Third-Party Software and Compliance
21:08 Understanding Third-Party Software Risks
21:25 Challenges of Hospital Software Updates
21:53 Patient Monitor Vulnerabilities
22:55 Proving the Technology's Value
24:34 Navigating Compliance and Legal Hurdles
25:52 Collaborations and Research Opportunities
27:43 Regulatory Challenges and Solutions
36:47 The Importance of Tangible Impact
39:20 Final Thoughts and Contact Information
Follow Shannon and Andrew:
Connect with Shannon:
LinkedIn: https://www.linkedin.com/in/shannonlantzy
Website: https://www.shannonlantzy.com
Connect with Andrew:
LinkedIn: https://www.linkedin.com/in/andrew-hendela/
Website: https://karambit.ai/