Surgical robotics firm Intuitive Surgical recently experienced a cyberattack that compromised customer and employee data.
The hackers used a phishing attack to steal an Intuitive employee’s credentials, log into the company’s internal administrative network and begin accessing data, the company said in an online statement. The compromised data included including customer business and contact information and employee and corporate records.
The statement was posted on March 12, an Intuitive spokesperson said in an email to MedTech Dive.
When the incident was discovered, the company activated its incident response protocols and secured all affected applications.
“We took immediate action to assess and contain the incident, begin an investigation, review security protocols, and remind employees of online security training and processes,” according to the statement.
Intuitive did not say when it first identified the intrusion.
The company’s da Vinci, Ion and digital platforms were not affected and continue to be safe and operational. Intuitive said that its network infrastructure is segmented.
“The networks and infrastructure that support our internal IT business applications, our manufacturing operations, and our da Vinci and Ion platforms and digital products are separate,” Intuitive said.
Meanwhile, hospital customer networks are also unaffected as they remain separate from Intuitive networks and are secured and managed by customers’ IT teams.
“There has been no impact on our operations or the work we do to support our customers,” Intuitive said. “Our robotic systems have their own security protocols and operate independently of our internal business network.”
Intuitive’s cybersecurity incident follows a recent cyberattack on the medical device maker Stryker. Earlier this week, the company disclosed an attack that led to a global network disruption of its Microsoft environment, affecting order processing, shipping and manufacturing.
An Iran-linked threat actor that researchers call Handala claimed credit for the Stryker attack, according to Check Point Research. The group claimed to have wiped thousands of Stryker’s servers and mobile devices and to have exfiltrated 50 terabytes of important information. It is unclear whether that attack compromised any customer data.
