Press kit: MedTech Vulnerability Landscape Report
The most common vulnerabilities found in medical device penetration tests, broken out by device class.
Media contact
Email press@bluegoatcyber.com for interviews, custom data cuts, or fact-check requests. We respond same-day for active stories. Lead author for this report: .
Quote-ready findings
- "Pending legal review."
Charts
Free to re-use with attribution. Reach out to media@bluegoatcyber.com for high-resolution chart exports.
Top 10 CWE categories across all engagements
internal extract pendingShare of total findings by CWE family.
Source: Blue Goat Cyber penetration test dataset, 2022-2025. · Unit: % of findings
Findings per engagement by device class
internal extract pendingAverage findings per engagement, broken out by device class and severity.
Source: Blue Goat Cyber penetration test dataset, 2022-2025. · Unit: findings per engagement
Severity distribution of findings
internal extract pendingShare of findings rated Critical, High, Medium, or Low.
Source: Blue Goat Cyber penetration test dataset, 2022-2025. · Unit: % of findings
BLE/RF findings by device class
internal extract pendingAverage BLE or radio findings per engagement, by device class.
Source: Blue Goat Cyber BLE/RF testing subset, 2022-2025. · Unit: findings per engagement
Most common vulnerable components observed in SBOMs
internal extract pendingShare of analyzed SBOMs containing a known-vulnerable version of the listed component.
Source: Blue Goat Cyber SBOM analysis dataset, 2023-2025. · Unit: % of SBOMs
Average remediation time by severity
internal extract pendingMedian days from finding disclosure to client-confirmed remediation.
Source: Blue Goat Cyber retest dataset, 2022-2025. · Unit: days (median)
Citation
Blue Goat Cyber. (2026). MedTech Vulnerability Landscape Report. https://bluegoatcyber.com/research/medtech-vulnerability-landscape-2026
Canonical report URL: https://bluegoatcyber.com/research/medtech-vulnerability-landscape-2026