#69: Ramakrishnan Pillai: Product Security at LivaNova and Beyond
We sat down with the Head of Product Security at LivaNova, the former Chief Product Security Officer at Elekta and co-chair of the Legacy Devices Task Group at the Health Sector Coordinating Council to discuss what he learned throughout his long and successful career and to gain insights on regulations, security activities and more
About Ramakrishnan Pillai
Ramakrishnan Pillai is the Head of Product Security at LivaNova, a leading global medical technology company. In his current role, Ramakrishnan is responsible for securing the company’s implantable, on-premise, and cloud-based solutions that serve clinicians and patients worldwide. Ramakrishnan made notable contributions at the Health Sector Coordinating Council, where he co-chaired the Legacy Devices Task Group, helping to establish recommendations to prevent medical devices from becoming legacy through secure design principles. He continues to contribute to industry work, most notably the MedTech Joint Security Plan which was released in March this year.
Throughout his career, Ramakrishnan has held key roles, including Chief Product Security Officer at Elekta, where he founded the Product Security Organization and spearheaded efforts toward SOC 2 Type 2 and FedRAMP audits. He has also worked at Coalfire, Cisco, and Wipro, where his extensive background in cybersecurity and risk advisory has made a lasting impact. Currently pursuing an MBA from the Gies College of Business at the University of Illinois, Ramakrishnan holds several key industry certifications, demonstrating his dedication to staying at the forefront of security in healthcare technology.
A Summary of Our Conversation with Ramakrishnan Pillai
The podcast featuring Ramakrishnan Pillai provides an insightful exploration of his career in cybersecurity, particularly within the healthcare technology domain. Below is a summarized account of the conversation, highlighting the key points he shared about his journey, achievements, and the challenges in the field.Career Journey and Key Roles
Ramakrishnan Pillai’s career began in digital electronics, debugging and building microprocessor-based systems. He transitioned into network management and security over two decades ago, gaining initial exposure while managing firewalls and email/web security systems for a U.S. county network. Over the years, he moved through various cybersecurity roles, with notable contributions to organizations like Cisco and Coalfire.
His focus shifted to healthcare technology after working on projects connecting patients to doctors via Cisco’s networking solutions. Since then, he has dedicated over a decade to cybersecurity in the healthcare sector, including roles at Elekta and Livanova, where he currently leads product security efforts. His work spans securing on-premise, cloud-based, and implantable medical solutions, emphasizing regulatory compliance and secure design principles.
Contributions to Industry Standards
Pillai’s involvement with the Health Sector Coordinating Council (HSCC) has been pivotal. As co-chair of the Legacy Devices Task Group, he helped develop recommendations to mitigate the risks associated with legacy medical devices. These devices, often with lifespans exceeding 15 years, present significant cybersecurity challenges due to their critical role in healthcare and prohibitive replacement costs. The task group’s efforts, culminating in a published guidance document, addressed these concerns, offering actionable solutions not only for healthcare but also other industries grappling with legacy systems.
Pillai also contributed to the MedTech Joint Security Plan, a framework guiding medical device manufacturers in improving cybersecurity resilience. His active participation in regulatory developments, such as those by the FDA and global counterparts, positions him as a key figure in navigating the evolving landscape of medical device security.
Building Cybersecurity Frameworks
At Elekta, Pillai founded the product security organization, tailoring governance structures to meet stringent medical device regulatory requirements. Drawing on industry best practices and collaborations with mature organizations, he built a robust system addressing quality management and cybersecurity risks.
One major achievement was advancing Elekta’s compliance with SOC 2 Type 2 standards, a critical certification for cloud-based products. This involved establishing detailed policies and automating processes to maintain operational security, reassuring stakeholders of the company’s adherence to high cybersecurity standards.
Challenges in Healthcare Cybersecurity
Pillai highlighted the unique challenges of healthcare cybersecurity:
- Legacy Devices: These are difficult to secure due to outdated technology and high replacement costs. Ensuring new devices are designed with future-proof security is crucial.
- Ransomware Attacks: He identified ransomware as the top threat, citing incidents like the 2017 WannaCry attack, which disrupted hospitals and medical devices globally. Such events have driven significant advancements in healthcare cybersecurity awareness and solutions.
- Supply Chain Vulnerabilities: Weak links in supply chains often lead to inherent device vulnerabilities. Pillai emphasized the need for rigorous risk assessments and component selection processes to enhance resilience.
Leadership Philosophy
Balancing technical expertise with strategic vision is central to Pillai’s leadership approach. He remains engaged with technical advancements through working groups, conferences, and continuous learning, enabling him to effectively influence cross-functional teams and drive organizational maturity. His ability to blend technical insight with strategic direction has been instrumental in building and managing high-performing cybersecurity teams.
Reflections on Career Milestones
Pillai cited the establishment of Elekta’s product security organization and his tenure at Cisco as career highlights. At Cisco, he played a key role in developing a healthcare-focused cybersecurity team, creating impactful solutions that reduced vulnerabilities across healthcare systems. These experiences underscored the satisfaction of working on projects that directly enhance patient safety.
Impact of Cybersecurity on Patient Safety
A recurring theme in Pillai’s narrative was the life-saving potential of robust cybersecurity in medical technology. He stressed that securing medical devices isn’t just about protecting data but ensuring the safety and well-being of patients. From proton treatment centers to implantable devices, the stakes in medical cybersecurity are incredibly high, making the work deeply fulfilling for professionals like Pillai.
Future Outlook
Looking ahead, Pillai envisions continuous improvement in medical device security through collaboration, innovation, and adherence to evolving regulations. He emphasized the importance of designing devices with long-term security considerations and fostering industry-wide knowledge-sharing to tackle emerging threats.
Closing Thoughts
Ramakrishnan Pillai’s career exemplifies dedication to advancing healthcare cybersecurity. His strategic contributions, technical expertise, and passion for patient safety have positioned him as a leader in the field. Reflecting on his journey, he encouraged professionals to embrace challenges, take risks, and remain committed to continuous learning—a philosophy that has defined his impactful career.