Intuitive Surgical, maker of the da Vinci surgical robotic system, says hackers breached its corporate environment after an employee fell victim to a targeted phishing attack, exposing customer and employee data.

The American biotechnology company posted a statement announcing the “cybersecurity incident” on its website on Monday, adding that the hackers had gained access to the sensitive information of Intuitive customers and corporate employees.

How Intuitive says hackers got in

“Intuitive has determined that information from certain internal IT business applications was accessed by an unauthorized third party as the result of a targeted cybersecurity phishing incident,” it said.

It's unknown if the Intuitive breach is a random hit or possibly connected to the barrage of cyberattacks coming from pro-Iranian hackers, as the company does have links to Israel, but more on that below.

Due to the strategic use of network segmentation, Intuitive says its "da Vinci, Ion, and digital platforms were not impacted and continue to be safe and operational.”

The medical technology firm also stressed that the data of partnering hospitals, which are managed by their own IT teams, remains unaffected.

The company reassures patients with upcoming procedures involving the da Vinci or other Intuitive robotic surgical systems, tools, and/or services that they are not at risk.

“Our robotic systems have their own security protocols and operate independently of our internal business network,” Intuitive said.

Ensar Seker, CISO at SOCRadar, calls phishing attacks a “persistent reality” and says that even highly advanced technology companies can be compromised when a single credential is exposed.

“Phishing remains effective because it targets people rather than technology, Seker tells Cybernews.

“Security controls around software vulnerabilities have improved dramatically over the past decade, but social engineering continues to exploit human trust, urgency, and routine workflows,” he explains.

Furthermore, Seker says, “modern phishing campaigns are also becoming more convincing, often leveraging AI-generated content, spoofed login portals, and real-time credential harvesting. This allows attackers to bypass even organizations with strong perimeter defenses if identity protections such as phishing-resistant authentication are not fully implemented.”

What data did the hackers access?

Intuitive did not reveal the exact date of the breach, what or how much data was stolen. It also has not mentioned ransomware or identified a threat actor behind the attack, leaving many questions unanswered.

Intuitive robotic systems are lauded for enabling doctors to perform complex procedures with increased precision, yielding improved clinical outcomes compared to more invasive surgical options.

Founded in 1995, the California-based robotics technology company first launched the da Vinci system nearly three decades ago and, more recently, the Ion robotic bronchoscopy platform in 2019 for performing minimally invasive lung biopsies.

The trademarked da Vinci system has been used in over 14 million minimally invasive robotic-assisted surgeries across 70 countries, spanning nearly a dozen specialty areas, from hernia repair to gynecologic to cardiac surgery, according to the company’s website.

Apparently, the stolen data was exfiltrated from Intuitive’s internal business administrative network via the compromised employee’s account.

The data was said to include “some customer business and contact information, as well as Intuitive employee and corporate data."

With an annual revenue in 2025 listed at over $10 billion, the company states it has more than 16,000 employees worldwide.

"Cyber incidents affecting companies operating in healthcare and medical technology sectors are particularly sensitive because these organizations sit at the intersection of innovation, patient safety, and critical infrastructure," says Seker.

"Even when attacks primarily involve data exposure rather than operational disruption, they highlight how identity compromise can quickly translate into broader enterprise risk," he says, which could easily include propriety information about its robotic systems, and fetch a high price on the black market.

Intuitive says upon discovering the intrusion, it "took immediate action to assess and contain the incident, begin an investigation, review security protocols, and remind employees of online security training and processes.”

Is there a link to Iranian attacks?

The Intuitive breach is the second major cyberattack on the US medical technology sector in a week. The first was framed as retaliation for the US-Israeli-led strikes on Iran that began on February 28th.

Last Wednesday, the Iranian-linked Handala Hack Team claimed responsibility for a devastating wiper attack on the US-based medical technology company Stryker because of its strong business ties to Israel.

Stryker, which confirmed the attack on its website and with the US Securities and Exchange Commission, manufactures a range of hospital equipment and provides medical IT services to more than 150 million patients globally each year.

Handala claimed on Monday to have wiped an “unprecedented 12-Petabyte” of data, last week saying it targeted “over 200,000 systems, servers, and mobile devices, as well as extracted 50TB of critical data.”

Turns out, Intuitive Surgical also has significant ties to Israel, primarily through several research and development (R&D) centers, as well as the Israel-based health IT company Orpheus Medical, which it acquired in 2020.

Although there is no mention of Intuitive on the Handala leak site, there are hundreds of pro-Iranian threat actors and hacktivist groups joining the retaliation campaign against Israel, the US, and other Middle East interests.

---

Unlock more exclusive Cybernews content on YouTube.