Press kit: The State of FDA Medical Device Cybersecurity Deficiencies
What FDA reviewers flag most in cybersecurity submissions, by pathway, with average resolution time.
Media contact
Email [email protected] for interviews, custom data cuts, or fact-check requests. We respond same-day for active stories. Lead author for this report: Christian Espinosa, Founder & CEO.
Quote-ready findings
- "Pending legal review. Quote-ready findings will be added after the analyst extract is approved."
Charts (embed-friendly)
Free to re-use with attribution. Drop the iframe snippet into any CMS that allows HTML — the chart will render at the correct aspect ratio with our methodology footer baked in.
Most frequent FDA cybersecurity deficiency categories
internal extract pendingShare of deficiencies by content area, all pathways combined.
Source: Blue Goat Cyber internal deficiency dataset, 2021–2025. · Unit: % of deficiencies
<iframe src="https://bluegoatcyber.com/research/fda-medical-device-cybersecurity-deficiencies-2026/embed/deficiency-categories" width="100%" height="420" style="border:0" loading="lazy" title="Most frequent FDA cybersecurity deficiency categories"></iframe>Direct chart URL: https://bluegoatcyber.com/research/fda-medical-device-cybersecurity-deficiencies-2026/embed/deficiency-categories
Deficiency rate by submission pathway
internal extract pendingShare of supported submissions that received at least one cybersecurity deficiency, by pathway.
Source: Blue Goat Cyber internal deficiency dataset, 2021–2025. · Unit: % of submissions
<iframe src="https://bluegoatcyber.com/research/fda-medical-device-cybersecurity-deficiencies-2026/embed/deficiency-by-pathway" width="100%" height="420" style="border:0" loading="lazy" title="Deficiency rate by submission pathway"></iframe>Direct chart URL: https://bluegoatcyber.com/research/fda-medical-device-cybersecurity-deficiencies-2026/embed/deficiency-by-pathway
Average time to resolve by deficiency category
internal extract pendingMedian days from deficiency receipt to FDA acknowledgement of response.
Source: Blue Goat Cyber internal deficiency dataset, 2021–2025. · Unit: days (median)
<iframe src="https://bluegoatcyber.com/research/fda-medical-device-cybersecurity-deficiencies-2026/embed/time-to-resolve" width="100%" height="420" style="border:0" loading="lazy" title="Average time to resolve by deficiency category"></iframe>Direct chart URL: https://bluegoatcyber.com/research/fda-medical-device-cybersecurity-deficiencies-2026/embed/time-to-resolve
Cybersecurity deficiency rate by device class
internal extract pendingShare of submissions with at least one cybersecurity deficiency, by FDA device class.
Source: Blue Goat Cyber internal deficiency dataset, 2021–2025. · Unit: % of submissions
<iframe src="https://bluegoatcyber.com/research/fda-medical-device-cybersecurity-deficiencies-2026/embed/deficiency-by-device-class" width="100%" height="420" style="border:0" loading="lazy" title="Cybersecurity deficiency rate by device class"></iframe>Direct chart URL: https://bluegoatcyber.com/research/fda-medical-device-cybersecurity-deficiencies-2026/embed/deficiency-by-device-class
Deficiency volume trend, 2021–2025
internal extract pendingCybersecurity deficiencies received per quarter.
Source: Blue Goat Cyber internal deficiency dataset, 2021–2025. · Unit: deficiencies/quarter
<iframe src="https://bluegoatcyber.com/research/fda-medical-device-cybersecurity-deficiencies-2026/embed/deficiency-trend" width="100%" height="420" style="border:0" loading="lazy" title="Deficiency volume trend, 2021–2025"></iframe>Direct chart URL: https://bluegoatcyber.com/research/fda-medical-device-cybersecurity-deficiencies-2026/embed/deficiency-trend
Citation
Blue Goat Cyber. (2026). The State of FDA Medical Device Cybersecurity Deficiencies. https://bluegoatcyber.com/research/fda-medical-device-cybersecurity-deficiencies-2026
Canonical report URL: https://bluegoatcyber.com/research/fda-medical-device-cybersecurity-deficiencies-2026