The surgical robotics giant Intuitive has fallen victim to a cyberattack that has resulted in a data breach.
According to a statement released by the company, a targeted phishing attack allowed an unauthorized third party to access certain internal systems. The threat actor gained access through compromised employee credentials.
The hacker obtained internal business and contact data of employees and customers, but the incident did not affect their surgical systems or the operation of their products.
Thus, Intuitive assures that its da Vinci, Ion, and digital platforms were not compromised and continue to be operational, as they remain separate from the internal network where the access occurred, as well as the infrastructure that supports their IT applications.
“Our robotic systems have their own security protocols and operate independently of our internal enterprise network,” they state.
The hospital clients’ networks were also not affected, as they “are protected and managed by the clients’ IT teams.”
“After detecting the issue, we quickly activated our incident response protocols and secured all affected applications. We are publishing this web update to be transparent about it, beyond the mandatory notifications,” they explain.
Unknown author
The manufacturer also indicates that it takes its responsibility to employees, customers, and the patients they serve very seriously, and that the privacy and security of all the data entrusted to them “are a vital part of it.”
For now, the company has not publicly disclosed who perpetrated the attack or clarified whether it was a criminal group, an economically motivated actor, or a nation-state. The internal investigation and possible external agencies are still ongoing.
Intuitive emphasizes that it does not currently foresee a significant impact on its business or financial results.
