Blue Goat Cyber logoBlue Goat CyberSMMedical Device Cybersecurity
    K

    Press kit: The State of FDA Medical Device Cybersecurity Deficiencies

    What FDA reviewers flag most in cybersecurity submissions, by pathway, with average resolution time.

    Media contact

    Email press@bluegoatcyber.com for interviews, custom data cuts, or fact-check requests. We respond same-day for active stories. Lead author for this report: Christian Espinosa, Founder & CEO.

    Quote-ready findings

    • "Pending legal review. Quote-ready findings will be added after the analyst extract is approved."

    Charts

    Free to re-use with attribution. Reach out to media@bluegoatcyber.com for high-resolution chart exports.

    Most frequent FDA cybersecurity deficiency categories

    internal extract pending

    Share of deficiencies by content area, all pathways combined.

    Pending data extract - chart will render once the analyst team and legal review approve the underlying numbers.

    Source: Blue Goat Cyber internal deficiency dataset, 2021-2025. · Unit: % of deficiencies

    Deficiency rate by submission pathway

    internal extract pending

    Share of supported submissions that received at least one cybersecurity deficiency, by pathway.

    Pending data extract - chart will render once the analyst team and legal review approve the underlying numbers.

    Source: Blue Goat Cyber internal deficiency dataset, 2021-2025. · Unit: % of submissions

    Average time to resolve by deficiency category

    internal extract pending

    Median days from deficiency receipt to FDA acknowledgement of response.

    Pending data extract - chart will render once the analyst team and legal review approve the underlying numbers.

    Source: Blue Goat Cyber internal deficiency dataset, 2021-2025. · Unit: days (median)

    Cybersecurity deficiency rate by device class

    internal extract pending

    Share of submissions with at least one cybersecurity deficiency, by FDA device class.

    Pending data extract - chart will render once the analyst team and legal review approve the underlying numbers.

    Source: Blue Goat Cyber internal deficiency dataset, 2021-2025. · Unit: % of submissions

    Deficiency volume trend, 2021-2025

    internal extract pending

    Cybersecurity deficiencies received per quarter.

    Pending data extract - chart will render once the analyst team and legal review approve the underlying numbers.

    Source: Blue Goat Cyber internal deficiency dataset, 2021-2025. · Unit: deficiencies/quarter

    Citation

    Blue Goat Cyber. (2026). The State of FDA Medical Device Cybersecurity Deficiencies. https://bluegoatcyber.com/research/fda-medical-device-cybersecurity-deficiencies-2026

    Canonical report URL: https://bluegoatcyber.com/research/fda-medical-device-cybersecurity-deficiencies-2026

    Back to full report