Sheldon explains how Medtronic and partners work hard to keep connected devices safe and secure

July 21, 2021

Two decades ago, Ann Sheldon was drawn to Medtronic by its mission to create devices that people. Today, Sheldon, vice president of security, heads a team that assumes an increasingly essential mission of protecting those devices – and the patient they help – from outsiders that might want to disrupt their performance. In this episode, Sheldon explains what Medtronic is doing to ensure the many benefits of connected devices aren’t impeded by hackers and other outside forces. The company is drawing on many employees and partners from outside the company to create a safe connection between its medical devices and the patients who rely on their optimal performance.

Subscribe
iTunes    Spotify    Soundcloud    Google

 

Tom Salemi (00:00):

Hey everyone. This is Tom Salemi of DeviceTalks. Welcome to our newest member of the DeviceTalks podcast family. It's called MedtronicTalks. Our constant search to find new ways to bring you insights in the MedTech industry led us to the fine, fine folks at Medtronic. They've agreed to make their senior leaders available to us and to you. In each episode, we'll discuss the opportunities and challenges facing one of MedTech's clear leaders. So you'll have an inside view on what makes Medtronic go. We'll ask the questions, Medtronic will provide the answers, and our great network of sponsors makes it all possible. So sit back, hop on a treadmill, take the dog for a walk, whenever you do when you're listening to a great podcast, and let's listen to how Medtronic is getting the job done. Let's go.

Tom Salemi (00:46):

Hey everyone. This is Tom salami of DeviceTalks. Welcome to this episode of the MedtronicTalks podcast. We're going to talk about security. I had a chance to speak with Ann Sheldon. Ann Sheldon is the vice president of product security at Medtronic. This is an essential topic for MedTech. MedTech devices are increasingly connected, which means they're increasingly vulnerable to attack. So I spoke with Ann about the steps that Medtronic is taking to ensure their devices remain safe. As Ann says, later in the podcast she quotes one of her employees who says that historically, the medical device industry and regulators have been working to keep bad devices from harming people.

Tom Salemi (01:27):

Now with the risks of cyber warfare and cyber attack, the responsibility really is ensuring that bad people don't harm good devices. So it's an important and essential duty. And Ann was very generous with her time in explaining what Medtronic is doing to make that happen. But before we get into this interview with Ann Sheldon, I'd like to introduce this episode's sponsor, Emergo. I'm speaking with Sarah Fitzgerald. Sarah is senior consultant quality and regulatory affairs at Emergo. Sarah, tell us about Emergo.

Sarah Fitzgerald (02:03):

Emergo by UL is a leading regulatory consulting firm. We specialize in medical devices and in vitro diagnostic device compliance with a presence in six continents. We provide on the ground expertise. Our services include but are not limited to device registrations and pre-market submissions, quality management system implementation and improvements, in-country representation, human factors considerations, and consulting on various topics from the standpoint of what medical device regulators wish to review such as cybersecurity, biocompatibility, and sterilization.

Sarah Fitzgerald (02:35):

Our regulatory affairs management suite or RAMS product provides clients with real-time changes to regulator expectations allows clients to track their registrations easily and provides the insight for 22 markets worldwide to help companies prioritize expansion planning. In other words, we support clients, bring their products to market around the world to help people live better fuller lives through access to medical devices. Emergo has been helping clients since 1997 and was acquired by UL in 2017. We're proud to have helped several companies reach the market through emergency access routes set up by regulatory agencies around the world during the COVID-19 pandemic.

Tom Salemi (03:13):

We'll learn more about Emergo a little later in the podcast, until then you can find out more information by visiting emergobyul.com that's E M E R G O B Y U L.com. Well, Ann Sheldon, welcome to the podcast.

Ann Sheldon (03:32):

Thank you Tom. It's great to be here.

Tom Salemi (03:35):

This is a timely conversation given the hacking, and such has been in the news way too long. And we're seeing some serious industries being impacted. And I can't think of anything much more serious than medical devices. So I'm looking forward to learning a lot. But as always, I like to learn a lot about our guests as well. So could you tell us a bit about how you came to work at Medtronic? Tell us a bit about your history.

Ann Sheldon (03:59):

Yeah. Absolutely. Thanks for asking. So I started my engineering career working for Rosemount, and I oversaw the design and installation of control systems and some of the largest manufacturing facilities in the world. I actually did a lot of work in paper mills. Through that activity and an early engineer, I decided I needed to spend some time in manufacturing myself.

Ann Sheldon (04:21):

So I transitioned into working for NordicTrack, the ski company. And it was my first real take on working for a company that was customer focused because it was all about fitness. And ran into one of my college friends and he said, boy, you sound like you're a mission driven kind of person. I work at Medtronic and you should look at them. They've got a Mission that they believe in. And so I started looking around at Medtronic and landed here 26 years ago.

Tom Salemi (04:50):

So it was less a MedTech thing and very much a Medtronic thing.

Ann Sheldon (04:53):

It was. It was really about the Mission. To alleviate pain, restore health and extend life, it's so easy to be connected to that. And the patients, knowing that I could be a patient, my family has heart disease, and knowing that some of my family has actually been served by Medtronic. Those are things that get me up in the morning and really get me excited about what I do.

Ann Sheldon (05:15):

And Medtronic is a big company. We've got lots of operating units and lots of functions. And in those 26 years I've been afforded the opportunity to work in our free-market, in our post-market area, customer operations, I've done some Lean Sigma work. And this role really excited me because I could get back closer to the engineering and closer to the product itself and the patient. And this is something that's really in the forefront, you mentioned that earlier, no patient wants to think that their product isn't safe. And that is the forefront foundational here at Medtronic is that we make sure our products are safe, so our patients know they have our trust.

Tom Salemi (05:55):

Sure. And more, and more, of these devices are going to have some component that may be vulnerable if not guarded against. So your title is a VP of product security, talk to me a bit about how you transitioned into that field. Did you move from engineering into IT and to security? What's your background or your path into sort of focusing on this particular part of product development?

Ann Sheldon (06:21):

So I spent time in supplier quality, and that was the role I had right before this. We have suppliers that we purchase software from. And so this was something that was in the forefront. In this role that I have now used to sit within our IT team. And collectively as a company, as we were making organizational changes, we decided to move that function into the quality realm. And we did that on purpose because cybersecurity or product security is just linked to our risk management process. And giving it more visibility into the quality function and into the product development teams was really the right thing to do.

Ann Sheldon (07:04):

So that transition happened about 15, 16 months ago. And I can say it's been a great transition. We have a great relationship with our IT organization. So there's a global security office that oversees our enterprise security and we partner with them. And my team existed within that global security office. They've come over and they are some of the biggest experts here we have in the company. It's a small team, but collectively we have over 90 years of security experience.

Tom Salemi (07:34):

Interesting. Well, zoom out a bit and talk to us a bit about the broader range of threats facing medical devices today. What are some of the things that keep you and other members of your team up at night?

Ann Sheldon (07:49):

Yeah. That's a million dollar question. So our society is increasingly connected and medical devices are really no different. And there's a big benefit that comes with that connectivity. Being able to understand what's happening with patients and our physicians being able to have a greater insight into the lives of our patients through data. But with that connectivity comes the responsibility to make sure that the device is secure. And so this is an ever-changing landscape for us. One that five years ago looked way different than it does today. And it will look way different even six months from now.

Ann Sheldon (08:27):

So that's probably one of the biggest challenges we have is just staying relevant and making sure that our products are designed to last in the marketplace for the length that they need to be there. Our product life cycles are long. Products can be out there for 15, 20 years. And so making sure they stay relevant is really important. And we do that through always monitoring our products. So being very aware of what's happening in the marketplace, being connected to vulnerabilities that are out there, constantly looking at our product portfolio itself to look for any vulnerabilities and staying on top of that.

Tom Salemi (09:12):

That's a great point. I mean, this isn't Apple where they can send out a new watch every year and you're going to just buy it perhaps, or every other year perhaps and slap it on your wrist. These are devices that are being implanted and aren't that you can exchange them as easily. So how are you sort of able to project what sort of protections you'll need and what the risks may be? It's an interesting point because the devices are being built to last longer. They have longer batteries, that's part of the selling point, but 10 years down the road, we don't know what is going to be used to sort of create a problem. So how do you straddle those two things safely?

Ann Sheldon (09:54):

Yeah. So as we embark on our product development projects, we ask our product teams to think about their legacy. So not just when they release the product, but they need to think out further. The platform that they're selecting, software that they're investing on. Is it Medtronic software that we designed ourselves or is it a third party, a supplier that we're working with? So they have to think out much further.

Ann Sheldon (10:19):

And while the prediction is not as easy as maybe the prediction that we might have for bench testing of a lead or a pacemaker, we still have to understand what is evolving in the marketplace today. So we've got partnerships with our suppliers. We've got partnerships with the industry. And those industry partnerships also include companies outside of med device. So we can learn from the government, we can learn from the aerospace industry. And those relationships actually raised the bar for everybody.

Ann Sheldon (10:52):

We connect with our industry peers and some of our competitors. We're at the table at those industry activities, making sure that we're all thinking forward toward the future. And then as the future comes and we release those products, what's really important is that post-market process where we monitor. So we do have people that are constantly looking for vulnerabilities. They're engaged with the security community. And so when those vulnerabilities are known, we will again look back at all of our portfolio and say, hey, where are the potential vulnerabilities? The product development teams get back involved, and we're constantly making sure products are safe.

Tom Salemi (11:36):

Where do you sit in the org chart of the 20 operating units? Are you one of those entities that supports all 20?

Ann Sheldon (11:44):

I am. I'm very fortunate to be one of those support all 20. And so we've got what we call an enterprise security team and they worked with the operating units that have products that would be smart or are connected. Each one of those operating units also have security personnel that are experts, and they're part of their product development teams.

Ann Sheldon (12:06):

The role my team plays is to harness the energy of the enterprise and come up with consistent methods that we can do product development. And so you've heard from some of the other leaders that you've interviewed, the play big to play small. We are the ones that we interface with the industry, we're interfacing with our regulators, we're making sure we understand the changing landscape, and helping the businesses understand the constraints that they have to operate within, and then sponsoring and helping them as needed.

Ann Sheldon (12:39):

We do have the opportunity to do a lot of learning forums across those 20 [operating units]. The security community is very close knit. We will have product development teams work together on new designs and give critical feedback to one another from the different seats that they have. And again, just raises the bar on what that product will look like in the future.

Tom Salemi (13:01):

Do you have an overarching recommendation for say software development? Is it safer to build it in-house as opposed to go outside or perhaps vice versa? And is that philosophy sort of broadcast or shared with all 20 units and they're advised to sort of follow along?

Tom Salemi (13:22):

We'll take a quick break from this interview with Ann Sheldon to bring back Sarah Fitzgerald of Emergo. Sarah, what do you see as the biggest regulatory related challenges for the medical device industry?

Sarah Fitzgerald (13:34):

Well, ultimately manufacturers and regulators want to ensure that the medical devices that are used around the world are safe and effective for their intended use. Regulatory agencies continue to adapt their requirements in an effort to best ensure this, and companies need to follow and comply. Therefore, the biggest challenge for the medical device industry that is that as a global trend ,regulations continue to change.

Sarah Fitzgerald (13:57):

In general, regulations are becoming more complex and have more and more requirements. That's why a RAMS product can be so valuable for keeping up to date on regulatory changes around the world. For example, the European requirements for the medical device regulations or MDR, and in vitro diagnostic regulations or IVDR, present many more requirements resulting in a huge challenge for industry. For the IVDR there are many companies that were previously able to self declare certification that are now subject to notified body certification. We are seeing significant challenges in the software in, or as a medical device around the world. And there has been tremendous growth in this area.

Sarah Fitzgerald (14:36):

These medical devices can range from simple downloadable apps to complex devices like artificial organs. There's increased scrutiny and growing expectation among regulatory agencies for software in general and cybersecurity specifically. This has only increased with the spate of recent cyber security attacks. Even companies that have previously breezed through the issue of cybersecurity are frequently being challenged by regulatory agencies.

Tom Salemi (15:01):

And how are different countries incorporating cyber security into their regulatory requirements?

Sarah Fitzgerald (15:07):

Regulators around the world are expecting to see cybersecurity procedures in quality management systems to cover the entire product life cycle. This includes clear plans for software or patch upgrade deployment, communication plans to inform customers of necessary information, mitigation plans and remediation plans.

Sarah Fitzgerald (15:25):

Regulatory submissions are expected to include thorough and evidence-based threat modeling as part of risk management, and to include significant verification and validation testing to ensure the safety and effectiveness of the ultimate device. Companies should ensure that their cybersecurity meets current regulatory agency expectations as communicated by guidance documents. Especially for higher risk devices, certification to cybersecurity related standards should be considered.

Tom Salemi (15:54):

Finally Sarah, how can Emergo help with these challenges?

Sarah Fitzgerald (15:59):

Emergo can help medical device companies deal with their specific regulatory challenges by developing a customized plan that works for their situation.

Tom Salemi (16:08):

That's great. Thanks for joining us Sarah Fitzgerald, and thanks to Emergo for sponsoring this episode of the MedtronicTalks podcast. To find out more information about Emergo, go to their website, emergobyul.com. That's spelled E M E R G O B Y U l.com.

Tom Salemi (16:31):

Do you have an overarching recommendation for say software development? Is it safer to build it in-house as opposed to go outside or perhaps vice versa. And is that philosophy sort of broadcast or shared with all 20 units and their advice to sort of follow along?

Ann Sheldon (16:51):

We actually use a hybrid because... Again, this gets back into what I said around leveraging the industry. We don't know what we don't know because we're within our own walls. And so by leveraging third parties, by leveraging suppliers, they will bring to the table things that maybe we didn't think about.

Ann Sheldon (17:10):

And so we're constantly sweeping it again for the latest and greatest, and the companies that do this as well as we do if not better. And bringing them in and helping our product development teams see that. So there's no mandate that we have. We want best in class. And certainly it comes back to the patients again, that we want to develop the product that is the most secure, which equals safety for our patients. And that might mean doing it internally, and it might mean leveraging a third party.

Tom Salemi (17:41):

So when do you get involved? When does your group get involved? Is a lot of the legwork already done by the product teams at the OU and you sort of come in to make sure the fences are high enough and strong enough? Or are you involved at the very beginning of the creation of a new device or a new iteration of an existing device?

Ann Sheldon (18:01):

So our team has set up the construct by which the security framework will be done. And then we will be brought in, in some cases to do the testing for an operating unit. They'll want your set of eyes, right. And so again, this gets into who can we bring in to look at this product, to look at it differently because maybe we're just too close to it? And so it's not unusual that our team would be involved in front modeling, it's not unusual that our team would be involved in any sort of penetration testing. We would help the operating unit out in that respect.

Tom Salemi (18:33):

So are you intentionally kept separate from those early steps so you have that fresh set of eyes? And you've sort of an objective take on what's being done?

Ann Sheldon (18:42):

Absolutely. And then in some cases, operating units will reach out to us directly and say, "Hey, we need another set of eyes, what can we do here?" And so I appreciate that and they do too. And we've created this really strong relationship where there's trust between the operating units and our enterprise team.

Tom Salemi (19:02):

Do you work with those entities, the white hat, hacker types who you intentionally sick on your devices and challenge them to find vulnerabilities?

Ann Sheldon (19:14):

Yeah, we do. Actually, we call them researchers

Tom Salemi (19:18):

I like my term better, but okay, we'll call them researchers if that's what you want to go by.

Ann Sheldon (19:22):

What we have found over time is that the researchers, a lot of them are customers, and they're curious. They're smart customers that are really curious about their devices, and they want to help make the industry better. And so by having that release is really important. We participate in a DEFCON And we sponsor it. This is going to be our third year where we sponsor it. We will bring devices and we will allow people to sit down and try to hack into them.

Tom Salemi (19:49):

And that's done onsite at, is it at DEFCON, D E F C O N?

Ann Sheldon (19:56):

Yeah, D E F C O N. It's an annual conference. It's usually in Las Vegas. Last year it was virtual. And so virtually we were able to provide products that the hackers could do research on. And we're get to do that again this fall.

Tom Salemi (20:13):

I think the conventional wisdom is that medical devices are becoming more and more connected, but I don't know what percentage of Medtronic's portfolio has the kind of technology that would create opportunities for hackers and create some risks? What percentage of Medtronic's portfolio has the technology that you're really focused on?

Ann Sheldon (20:35):

So we don't really pay attention with the size of our portfolio. It's difficult to give you a percentage, but it's actually not as many as you would think. And in most cases, our devices aren't connected all time like you think your cellphone is. So our capital equipment goes into a hospital, and they're actually connected into the hospital system. We talk about this as, it's a shared responsibility. It's not just a medical device company, we've got to partner with the hospital, we've got to partner with clinics that use our products. And so you'll find any of the patients themselves, you'll find that we're really focused to being able to work together in this community and this ecosystem we call it to make sure the products are safe.

Tom Salemi (21:26):

So I imagine though that you see that number being higher in three years than it is today?

Ann Sheldon (21:33):

Yeah, of course. And the pandemic really accelerated a lot of remote access. And that's not going to go away, and patients demand that, physicians want that. There'll be better healthcare because of that connectivity. And so, yes, we are again, educating internally, educating our development teams, we're hiring more security professionals, we're partnering more with security researchers to make sure that we've got the technology and the mindset to be successful.

Tom Salemi (22:06):

Going back to the conversation about researchers you mentioned working with patients, I imagine there are a number of patient populations. I'm sure that they talk frequently about the diabetes community and I'm sure they're one that's... I mean, they're well-known for hacking into existing devices in a positive way. What role are patients going to play in helping you safeguard these devices going forward? Is that more than just a... I know you have the conference at DEFCON but are you creating more established programs where patients can kind of contribute in as almost a crowd hacking effort to test and to check for vulnerabilities?

Ann Sheldon (22:45):

One of the things that the FDA recently did was they had a patient engagement advisory committee, and through that advisory committee, we learned a lot more about what the patient perspective was. And so it's kind of the voice of the customer specific to the patient. And so through that work, we have started to change some of the things that we do. So we're required to be transparent and share when we have vulnerabilities. If you search our Medtronic website slash security, you will see all of our disclosures that we've made. And we've started to make our disclosures more patient friendly. So these disclosures are pretty technical in nature, but we also understand that we have to make them such that our patients will understand them.

Tom Salemi (23:31):

You mentioned the FDA and that's a good point. What is your relationship like with that agencies, especially as they review new products? Are you in on that process, are you part of the submission? Are you engaging with FDA regulators, answering questions about the security of new devices?

Ann Sheldon (23:48):

We do interact regularly with the FDA cybersecurity office. Part of my role has been to build a partnership with them so we can be more transparent with each other and understand what they need and what we're providing. And so part of the expertise that my team will bring forward is regulatory information. So again, as we submit products across our operating units, we'll use learning forums for each of the businesses to understand some of the feedback that the FDA has given us. It's good feedback, right. They're trying to raise the bar, they're trying to help us understand how to operate in this ecosystem. And so the more transparent we can be with them, the more they can provide advice to us as we move forward.

Tom Salemi (24:35):

Excellent. And just the final question, I kind of referenced it at the top but obviously ransomware is making a lot of headlines in the news. They're penetrating a lot of industries including healthcare, but more recently the meat packing industry and the energy industry. Talk to me about that risk and the likeliest players that you're sort of keeping an eye on, that you're sort of concerned about.

Tom Salemi (25:00):

Is it groups like that that are coming from outside the US and really just coming after some sort of monetary gains? Is it people looking for medical records? And I'm sure you're going to give me an all of the above thing, but give me a sense of the population of the threat out there. Who are your number one and number two concerns? I don't need for you to identify just one.

Ann Sheldon (25:24):

Yeah. Well, I think you're right. So this landscape has really changed and it's also just exploded recently. So we're seeing more and more of it. We're getting more coverage of it. But I'll go back to our monitoring processes. So we are constantly involved in a community of security where we're looking forward to vulnerabilities, we're made aware of all the vulnerabilities. One of the things that we actually are really fortunate with is our relationship with the researchers. So we've created a positive relationship with them and not reacted.

Ann Sheldon (25:59):

I think in some cases it's not viewed as being positive, we've taken their feedback and we've taken it really seriously, and we have to pay attention to it. It's how you come to the table. You react and say, that's not true, it's likely it's going to be more adverserial than positive. And so we've really tried to use the researcher community to be more positive influence on this. And then I would say our transparency. So again, we will go out... In our disclosures, we will name who found the vulnerability. So we'll give credit to them. And that's important. They want to be recognized, they want to be known as someone that's helping the industry. And I believe that our positive work in this space helps us not be as vulnerable in other areas.

Tom Salemi (26:49):

But what do you mean by positive? Help me understand that a bit more. Do you mean that previously it was taken as criticism that needed to be defended against it? Help me understand that dynamic a bit more.

Ann Sheldon (27:01):

Well, I look at it as it's feedback, right. So we just talked about our products, when we release them, we know they're safe. But as the product life cycle grows and gets longer, we don't always know what's happening, right. And so we have embraced researchers coming to us. So we've said, yes, bring us that information. We will take on that information. We'll respond to them. We will have communication with them. And that's part of our product life cycle is making sure that we've got a positive relationship with researchers. So it's viewed as we're willing to make change and we're willing to admit that maybe things aren't as great as they could be, and they're here to help us make it better.

Tom Salemi (27:42):

Are the researchers... is this a job designation of theirs? Is this something they do as part of their living? Or are these again, patients who on their spare time just like to go at things?

Ann Sheldon (27:54):

It's some of both.

Tom Salemi (27:54):

Yeah.

Ann Sheldon (27:56):

It's some of both. Some people just do it for a living, some people are tinkerers, some people are intrigued by technology and are constantly trying to make it better. And so we see all different kinds of people involved in this space.

Tom Salemi (28:11):

And one thing I wanted to ask about was transparency. As we've mentioned a few times now that there have been attacks on other industries, varying levels of letting consumers know about what's happened. I mean, I'm not sure how many times my email and password had been hacked into or I've got new credit cards. I would think the medical device industry doesn't have any sort of leeway in not releasing hacks and attacks. How do you view the transparency or the notification requirements that go with security breaches?

Ann Sheldon (28:42):

The way I look at it is that a company can be measured. Their maturity of security is measured by how transparent they are. You're willing to put information out on your website, showing your vulnerabilities, showing how you fix them, who you worked with to fix them, or who even found them. I think that you are being very transparent and that your maturity is far greater than others.

Tom Salemi (29:10):

So what do you do in that regard, in terms of notifying patients who have Medtronic devices or notifying just the population at large as to threats or risks that have been discovered?

Ann Sheldon (29:23):

On our Medtronic website, you go to medtronic.com/security, we list out all of our vulnerabilities. It's actually a website that you can subscribe to. And when we post it, we will send you an email that we've posted another vulnerability.

Tom Salemi (29:39):

And do you get a lot of response to that? To people, are they watching closely?

Ann Sheldon (29:43):

Yeah. We do know. We can see who is subscribed. And that's good. We want people to know, we want our clinicians to know, we want our physicians to know, we want our patients to know. And so it's really important for us to share that information because we need to have the trust in the public.

Tom Salemi (29:59):

We talked a bit about patches and updates, but what is the process when you do find a problem. How do you fix things? What's the process for, after the product is out, something has happened, you need to fix it?

Ann Sheldon (30:12):

It depends on what the product is. And so we can push out updates as necessary. We will also work with the clinicians. And in general, our patients don't need to do anything. Really the clinicians that manage that. So we use our distribution channel, our sales force to help in that respect with the clinicians and the physicians.

Tom Salemi (30:34):

What do you see the device industry looking like? And I'd like to throw years out there, but say in 10 years in terms of connectivity, are we going to be amazed at the power that devices will have to communicate with each other, with physicians, between patient and physicians? What does the future look like from your perspective?

Ann Sheldon (30:51):

Yes. I think we will. And I know Medtronic wants to be a leader in that space. So we want to be able to take the power of data and help our physicians manage our patient's lives and help them be healthy going forward, so we will see more connectivity. I foresee, and I would wish for the med device industry to get comfortable with patching software on a regular basis. So you mentioned Apple earlier. And how can we as a company get comfortable upgrading our technology, upgrading our software on a regular cadence in the future? And have our patients and our hospitals and our physicians comfortable with that.

Tom Salemi (31:34):

Are those patches something that require regulatory review or do they go beyond their purview? And what is that whole process like? Because that just...

Ann Sheldon (31:42):

They will require that. And so that's why it's hard to do, but that's part of the relationship that we need to have with our regulators. So they understand the architecture of our systems and how we can make them better over time.

Tom Salemi (31:59):

And you can speak more just generally about medical devices, is this industry more difficult for someone in your job, to provide those future protections because of all those encumbrances you have with regulatory and you're working with hospitals and you're really partnering with others as opposed to a direct consumer business? Or do you feel that you have backup and installation and maybe this is not as difficult as other industries may be?

Ann Sheldon (32:26):

I think the regulators actually help us color within the lines. And I actually think that's a positive. So I think they want the same thing we do, they want products in the marketplace that help people live a healthier life, and they want to do that in a way that is easy and can get products to market faster. And so that's what I see in the relationships that we have with the regulators is they want to come to the table with us. They're willing to understand the landscape and the architecture of our systems. And they're challenging us to be the kind of company that can lead and bring products to market faster that are safe and secure.

Tom Salemi (33:12):

Interesting. Looking at the future at employees you'll have working at Medtronic, will more and more of them have a computer science background are you competing with an Amazon or Google or someone else who is trying to incorporate the power of AI and other other technologies into devices? And are you going to be drawing more of those people within your ranks at Medtronic?

Ann Sheldon (33:35):

We certainly are competing with other software companies. We have our Mission that is at the heart of everything that we do. And I would go back to the... That is what generates people's interest in Medtronic. I would also say we draw people from hospitals. So we've got people who work in hospitals now and see what that whole ecosystem is like, and they want to make it better. And so they reach out and say, we want to work for Medtronic. So we see people from all different facets that come and work for us. And they again, are really with the intent of making products better in the future.

Tom Salemi (34:11):

That's great. I've got a son who's much more tech minded than I am. And he's talked about computer science and I've... Honestly, we've talked about all the tech firms but I haven't mentioned... Haven't really thought about MedTech in that firm. I'm always thinking about the biomedical aspect, the creation of the devices, but this is a whole new biomedical realm on the tech side as well.

Ann Sheldon (34:31):

It is. And I've got someone in my team who has a quote that I always like to share with people. He said, if you think about it, historically, regulators were focused on preventing bad devices from harming people. That's what it always has been. But now with security, it's about preventing bad people from hurting good devices.

Tom Salemi (34:54):

That's a great point.

Ann Sheldon (34:55):

And that's part of the reason why we focus so much on that researcher community as well as the industry partnerships we have. We have to stay smart in that area.

Tom Salemi (35:02):

Fantastic. What a great way to end this conversation, which as I've said several times, is very interesting. So thank you Ann. I have to go find my thesaurus and come up with some new words for my next interview, but I appreciate the time you've spent and thanks for joining us on the podcast.

Ann Sheldon (35:17):

Yeah. Thank you so much Tom.

Tom Salemi (35:19):

Well, that is a wrap. Once again I'd like a thank Ann Sheldon for joining us on this podcast, and I'd like to thank our sponsor, Emergo, for supporting this episode of the MedtronicTalks podcast. Thanks Sarah Fitzgerald for joining us. And thanks of course to you, our MedtronicTalks listeners. It's great to have you here. Please do me a favor, subscribe to this podcast on any of the major podcast channels, Spotify, Amazon, Google, Apple. We are out there.

Tom Salemi (35:48):

If you subscribe, future episodes of this podcast will be sent directly to you. You won't have to find it out there in social media land. But if you insist on conducting a search, you can find it on devicetalks.com, you can try and get on medtronic.com. That's in the newsroom section. But once again, subscribing is the best way to find future episodes.

Tom Salemi (36:13):

And if you would, please consider sharing this podcast on your social media channels. You can find me out there. If you do share it, tag me on Twitter. I'm @MedTechTom. Or connect with me on LinkedIn, Tom Salemi, Tom S A L E M I. Would love to connect with you and talk MedTech. That's it. Tune in next time, we'll have another great episode of the MedtronicTalks podcast waiting for you.