Ensure patient safety
for legacy and next generation devices

We work with you to create a customized regulatory risk model that meets the needs of your current and future devices throughout their lifecycle. Get the Medcrypt advantage with a scalable, repeatable model to improve your risk mitigation strategies to meet FDA requirements.

Contact us >

Mitigate cybersecurity risk across your device lifecycle

With our custom Lifecycle, Environment, Network, and System (LENS) model, we enable you to proactively identify risks and opportunities. We work with you to model the decision tree based on your data, logic, and products, producing repeatable and reliable results.

See case study   >

Improved risk mitigation with risk breakdown

Our LENS model enables you to handle legacy device risk, as well as predict risk for next-generation devices, with a statistical breakdown of risk. Identify and fill critical gaps in your cybersecurity architecture.

Eliminate cybersecurity uncertainty & rework

Enhance your confidence in your cybersecurity R&D roadmap. Make strategic changes to your current risk mitigation strategies to maximize return on investment and reduce unexpected delays.

Avoid FDA regulatory approval delays

Ensure you understand the impact of recent regulatory changes included in the “PATCH Act”, as well as the likelihood that the FDA will flag your submissions for connected devices due to cybersecurity deficits.

Save potentially months of R&D opportunity costs

We found that certain device characteristics increase the presence of regulatory risks, including deficiencies and the possibility of getting a Not Substantially Equivalent (NSE) determination for your next-generation devices.

Eliminate unexpected delays & get to market faster

Get the benefit of a scalable, repeatable risk modeling method of analyzing and mitigating risk to ensure patient safety and gain FDA approval.

Predictable, faster regulatory approval

Ensure you understand which device characteristics will increase your regulatory risks for both your legacy and next-generation devices. Our model is based on known regulatory considerations (FDA deficiencies).


We created the LENS model in partnership with Hubbard Decision Research (HDR). HDR was founded by Douglas W. Hubbard, the creator of "Applied Information Economics"​ (AIE). Hubbard developed AIE as a practical application of scientific and mathematical methods to the most complex and risky decisions - even when they seem driven by seemingly "immeasurable"​ factors.


Helping our customers succeed

Don’t just take our word for it. Our MDM client saved up to 12 months in R&D opportunity cost using one of our custom decision trees. They were able to make strategic changes that they felt confident would not impact timelines significantly and would help them meet FDA cybersecurity regulations.

Challenge: Determine the most effective device patching strategy to meet FDA requirements

Problem: Devices did not support over-the-air updates for patching

This MDM’s devices did not support secure over-the-air (OTA), or cloud-based, updates. Adding OTA capabilities across all device lines would significantly impact their development timelines, which would in turn delay their time-to-market.

However, with the new FDA cybersecurity regulations, particularly around patching strategies, they were worried that with their current non-wireless system of updating, they would not get FDA approval for their devices. Could they make smaller, less system-wide changes that would meet cybersecurity requirements while not putting them getting their devices to market in a timely manner in jeopardy?

Client’s original approach: Prone-to-error scoring

This MDM was using an error-prone scoring method and threshold to determine the products that were at highest regulatory risk, possibly requiring strategic shifts which would significantly impact R&D costs and time-to-market.

Because their method was based on individual human judgment, it was not scientifically sound and repeatable, thus they also ran the risk of the FDA disagreeing with their risk scores, which would further impact their bottom line.

Our scalable, repeatable solution


Our client was able to maintain their product development timelines. Where they did need to delay timelines, they were able to demonstrate ROI with reduced regulatory risk.

Using decision trees preserved or reduced patient risk, minimized additional costs to patients, and maintained or improved business outcomes, including cost of goods sold (COGS), timelines, and project scope.

Where the client did determine they needed to implement OTA capabilities, they felt confident in the value of this investment, as well as decreased uncertainty of regulatory rejection. This enabled them to realize a savings of 6 to 12 months of R&D opportunity cost.

Decision tree:

We developed a bespoke decision tree that adapted the MDM’s existing data, logic, and product information to model their decision ecosystem, thereby enabling them to accurately see the risks that would result from each decision, eliminating uncertainty and speeding time-to-market.

Meet our experts

Our team of former FDA analysts and reviewers provides the best-qualified, credentialed, and experienced product security benefit-risk assessment in the world.
Contact us today   >
Naomi Schwartz
Sr. Director of Cybersecurity Quality and Safety
Naomi is a regulatory, compliance, and standards expert. She employs gap analyses, proposes mitigation strategies, and optimizes cybersecurity frameworks to address risk and uncertainty for device commercialization and to meet regulatory requirements and guidelines. Naomi has 20+ years of systems engineering experience.

Prior to Medcrypt, she was a premarket reviewer and consumer safety officer in CDRH for 6+ years, focusing on software, interoperability, and cybersecurity for connected diabetes devices. Her industry leadership and strategic direction include crafting standards and recommended practices for wireless diabetes device security, managing postmarket triage for cybersecurity vulnerability disclosure. She holds an MS in Electrical and Computer Engineering from Carnegie Mellon University and is a Certified Quality Auditor.
Seth Carmody, PhD
VP, Regulatory Strategy
Seth has 10 years of medical device experience and provides strategic direction for cybersecurity products and services for the regulated device market.

Prior to Medcrypt, he spent 8 years at the FDA, architecting technology policy and laws that impact software-enabled medical devices, including the FDA’s medical device cybersecurity policies. His industry leadership and strategic direction extends to several high-profile industry frameworks including the Joint Security Plan (HSCC), MITRE’s Rubric for Applying CVSS to Medical Devices, and MDIC’s Playbook for Threat Modeling Medical Devices. He has authored several medical device cybersecurity papers and won several information security awards. He holds a PhD in Chemistry from Indiana University.
Cynthia Peralta
Sr. Director, Encryption, Key Management and PKI
Cynthia is a Public Key Infrastructure and cybersecurity expert. She provides critical and high-value insight and design of cybersecurity components, including cryptography and key management, that form the basis of security trust. She has 24+ years of experience in enterprise application, systems security, embedded device security, and device architecture & design. She handles FDA letters, including Refuse to Accept letters.

Prior to Medcrypt, she worked at several Forbes top 100 global organizations, including GE Digital, where she built out GE Healthcare’s encryption, key management, and PKI infrastructure.
Matt McKenna
Sr. Director, Product Security
Matt is a threat modeling and risk management expert. He supports clients in their journey to adopt a total quality framework, which is  necessary to go to market with reasonable and planned resources and cost. He also handles FDA letters, including Refuse to Accept letters.

Prior to Medcrypt, he led cybersecurity, technology direction, and national security efforts at a number of companies, including MITRE, National Grid, and Becton Dickenson. He holds a BA in Computer Science from Rhode Island College.
AJ Reiter
Director, Strategy and Organizational Transformation
AJ specializes in enterprise digital transformation, program development, continuous process improvement, and cybersecurity. He assesses organizational security and implements actionable transformation plans and services to achieve executive targets.

Prior to Medcrypt, he spent five years doing management consulting, providing comprehensive business transformation services to Fortune 500 clients in various industries, including Pharmaceuticals, Defense, Consumer Packaged Goods, and Medical Devices. He has a BS in Economics from Georgetown University, where he captained the 4x national champion Georgetown Sailing Team.