Intuitive Surgical Phishing Breach Exposed Customer and Employee Data
Intuitive Surgical disclosed that attackers gained access to internal business administrative systems after stealing an employee's credentials in a phishing attack. The intrusion exposed customer business and contact information, employee data, and corporate files, while the company said the incident did not affect operations, hospital customer networks, or its core robotic surgery and digital platforms, including da Vinci and Ion systems. Intuitive said its robotic systems operate independently from the compromised internal business network and that hospital environments remain separately managed.
The company said it took immediate containment steps, launched an ongoing investigation, and notified data privacy regulators. Reporting also noted that Intuitive's network segmentation separated internal IT business systems, manufacturing operations, and digital products, which the company cited as the reason the breach did not spread into production or customer-facing clinical environments. Public details remain limited, including when the phishing attack occurred and when it was detected, but both reports indicate the incident was confined to internal business applications rather than operational or medical device infrastructure.
Related Stories

Healthcare Data Breaches and Patient Record Exposure at Providers and Vendors
Multiple healthcare entities reported **unauthorized access and patient data exposure**, with incidents spanning direct provider compromises and third-party vendor breaches. **Insight Hospital and Medical Center (Chicago)** disclosed suspicious activity in its IT environment, with investigators confirming **unauthorized network access from Aug 22 to Sep 11, 2025**; the organization said the review is ongoing but potentially impacted data includes **names, DOB, SSNs, passport numbers, financial account data, treatment information, and insurance details**. Two extortion groups publicly claimed responsibility: **LockBit** alleged theft of ~`200 GB` and **Termite** claimed `360 GB`, stating it leaked data in late February 2026. In France, attackers stole about **15.8 million administrative files** after breaching health-ministry software supplier **Cegedim Santé**, impacting its *MonLogicielMedical (MLM)* product used by thousands of doctors; the stolen data reportedly included **identity and contact details**, and in a smaller subset (~**165,000** files) **free-text doctors’ notes** that in limited cases contained sensitive medical-history details. Separately, **OCAT, LLC d/b/a Evoke Wellness at Hilliard** updated a breach notification describing **unauthorized network activity** and potential access to patient information; reporting also tied the matter to an **insider misuse** investigation in which a former employee allegedly accessed and sold patient data, though public filings contained **inconsistent timelines** about when the underlying incident occurred and when it was discovered.
1 week ago
Delayed patient notifications following healthcare data breaches at providers and vendors
Multiple healthcare organizations and vendors reported **delayed patient notifications** after discovering unauthorized access to protected health information (PHI), in some cases more than a year after the underlying compromise. In Colorado, **Alpine Ear, Nose, and Throat (Alpine ENT)** notified **65,648** individuals that an attacker accessed and exfiltrated files containing PHI in an incident identified on **Nov. 19, 2024**; the **BianLian** ransomware group later claimed responsibility and posted the organization to its leak site. Exposed data was described as highly sensitive, including medical information and, for some individuals, **financial account data and payment card details** (including CVC/expiration) and **Social Security numbers**; Alpine ENT reported no confirmed identity theft at the time of notification and offered credit monitoring. Separately, **Bayada Home Health Care** disclosed exposure risk tied to a **third-party vendor (Doctor Alliance)** after Doctor Alliance reported unauthorized network access during **Oct.–Nov. 2025**, potentially affecting Home Health Certification and Plan of Care forms containing patient identifiers and clinical/insurance details (and **SSNs for a subset**). Bayada said it discontinued using Doctor Alliance and reported the matter to regulators. In another vendor-related incident, **TriZetto Provider Solutions (Cognizant)**—an insurance verification provider—suffered a cyberattack impacting PHI across multiple states; Oregon providers began notifying additional patients after the breach was reported as occurring in **Nov. 2024** but not discovered until **Oct. 2, 2025**, with no financial data reportedly compromised and no evidence of misuse so far; the incident has prompted **class-action lawsuits**, engagement of **Mandiant**, and law enforcement notification.
1 month ago
Recent Data Breaches at U.S. Healthcare Providers
Multiple U.S. healthcare organizations have recently disclosed data breaches resulting from unauthorized access to sensitive patient information. Expert MRI, a radiology provider in California, reported that an attacker accessed its network between June and August 2025, exfiltrating data such as names, addresses, dates of birth, diagnoses, and, for some, Social Security numbers. The PEAR threat group claimed responsibility and briefly listed stolen data on its leak site, suggesting a ransom may have been paid. Revere Health in Utah experienced a breach of a third-party payment platform, potentially exposing patient names, dates of birth, addresses, medical record numbers, and partial Social Security numbers, though no evidence of misuse was found. Health Management Systems of America in Michigan disclosed a breach after an employee fell victim to a spear phishing attack, resulting in the unauthorized download of emails containing patient data. These incidents highlight the ongoing risks faced by healthcare organizations from both targeted ransomware groups and opportunistic phishing attacks. In response, affected providers have reported the breaches to regulators, enhanced their cybersecurity measures, and offered credit monitoring to impacted individuals. The number of affected patients varies by incident, with Revere Health reporting up to 10,800 impacted and Expert MRI yet to disclose a total. The breaches underscore the importance of robust security practices and employee awareness training to mitigate the risk of data compromise in the healthcare sector.
2 months ago