Intuitive Surgical was hit by a cybersecurity phishing incident that compromised customer and employee data.
Information was obtained from an employee’s compromised access into Intutive’s internal business administrative network, the surgical robotics firm said in a statement posted to its website. An unauthorized third party accessed information including customer business and contact information, as well employee and corporate data.
The statement was posted on Thursday, an Intuitive spokesperson said in an email to MedTech Dive.
When the incident was discovered, the company activated its incident response protocols and secured all affected applications.
“We took immediate action to assess and contain the incident, begin an investigation, review security protocols, and remind employees of online security training and processes,” according to the statement. Intuitive did not state when the cybersecurity incident was identified.
The company’s da Vinci, Ion and digital platforms were not affected and continue to be safe and operational. Intuitive said that its network infrastructure is segmented.
“The networks and infrastructure that support our internal IT business applications, our manufacturing operations, and our da Vinci and Ion platforms and digital products are separate,” Intuitive said.
Meanwhile, hospital customer networks are also unaffected as they remain separate from Intuitive networks and are secured and managed by customers’ IT teams.
“There has been no impact on our operations or the work we do to support our customers,” Intuitive said. “Our robotic systems have their own security protocols and operate independently of our internal business network.”
Intuitive’s cybersecurity incident follows a cyberattack on Stryker. Earlier this week, Stryker said it was hit by an attack that led to a global network disruption of its Microsoft environment, affecting order processing, shipping and manufacturing.
An Iran-linked threat actor that researchers call Handala claimed credit for the Stryker attack, according to Check Point Research. The group claimed that it has wiped thousands of Stryker’s servers and mobile devices and also claims to have exfiltrated 50 terabytes of critical data. It is not known whether any customer data was affected.
