Robotics surgical biz Intuitive discloses phishing attack
Operations and hospital networks not affected, we're told
by Jessica Lyons · The Register
Robotics-assisted surgical tech firm Intuitive said that unauthorized intruders gained access to some of its internal IT business applications after stealing an employee's credentials during a phishing attack.
Intuitive's statement on the cybersecurity incident doesn't indicate when the attack occurred or when the company discovered it. The Register has reached out to Intuitive about these and other questions, and we will update this story as soon as we receive any response.
Stolen data includes some customer business and contact information, along with Intuitive employee and corporate data, according to the statement.
The company said that the cyber intrusion had no operational impact on its platforms or the hospitals that use its robotic systems. Intuitive makes robotic-assisted surgical platforms, and its main products include the da Vinci surgical systems and the Ion endoluminal system for lung biopsies.
"There has been no impact on our operations or the work we do to support our customers," the company added. "Our robotic systems have their own security protocols and operate independently of our internal business network."
Intuitive said that it segments its network infrastructure, and all of the infrastructure supporting its internal IT business systems, manufacturing operations, and digital products remains separate. Because of this network segmentation, the company's da Vinci, Ion, and digital platforms were not affected by the breach, and "continue to be safe and operational," according to the statement.
"Hospital customer networks remain separate from Intuitive networks and are secured and managed by customers' IT teams, therefore they are also unaffected," it added.
Upon discovering the intrusion, Intuitive says it took "immediate action" to contain the breach and begin an investigation, which remains ongoing. It also notified data privacy regulators, and pledged to share updates as the investigation continues.
The timing is noteworthy in that the Intuitive breach follows a cyberattack against another medical-tech company last week. On Wednesday, Stryker, which makes orthopedic implants, surgical equipment, and other medical devices, disclosed a breach in which miscreants gained access to its internal Microsoft environment.
Handala, a hacktivist crew believed to be a front for the Ministry of Intelligence and Security (MOIS), claimed to be responsible for the incident.
At publication time, no one had yet claimed the Intuitive attack. And in a Friday update to its Iran-war cyberthreat advisory, Cisco's Talos said that the Stryker digital intrusion "likely does not indicate that the health care sector is at any higher or specific risk of targeting by Iran-linked threat actors. We make this assessment with high confidence based on our understanding of the motivation and capability of threat groups like Handala, which have historically compromised targets of opportunity."
The threat hunters noted that they have not seen any recent increase in "systematic or elevated targeting of health care or health care-adjacent sectors over any other industry."
The Intuitive attack does, however, indicate that cybercriminals continue to use tried-and-true methods to gain initial access to victims' environments, Ensar Seker, chief information security officer at security company SOCRadar, told The Register.
"Even highly advanced technology companies can be compromised when a single credential is exposed, because identity systems are now the primary gateway into corporate infrastructure," Seker said. "Phishing remains effective because it targets people rather than technology. Security controls around software vulnerabilities have improved dramatically over the past decade, but social engineering continues to exploit human trust, urgency, and routine workflows." ®