Intuitive Surgical Hit by Phishing Scheme

Intuitive Surgical hit by phishing incident

Intuitive Surgical was hit by a cybersecurity phishing incident that compromised customer and employee data.

Information was obtained from an employee’s compromised access into Intutive’s internal business administrative network, the surgical robotics firm said in a statement posted to its website. An unauthorized third party accessed information including customer business and contact information, as well employee and corporate data.

The statement was posted on Thursday, an Intuitive spokesperson said in an email to MedTech Dive.

When the incident was discovered, the company activated its incident response protocols and secured all affected applications.

“We took immediate action to assess and contain the incident, begin an investigation, review security protocols, and remind employees of online security training and processes,” according to the statement. Intuitive did not state when the cybersecurity incident was identified.

The company’s da Vinci, Ion and digital platforms were not affected and continue to be safe and operational. Intuitive said that its network infrastructure is segmented.

Stryker attack raises concerns about role of device management tool

A suspected wiper attack against medtech giant Stryker has led much of the security community to examine the role of Microsoft Intune.

Stryker, a Portage, Mich.-based specialist in surgical equipment, was hacked last week in an attack that affected thousands of mobile devices and other systems.

The company, in a regulatory filing, confirmed the attack impacted its Microsoft environment and warned in a customer update that its electronic ordering systems remain unavailable.

An Iran-linked hacker tracked under the name Handala claimed credit for the attack, according to Check Point Research. The hacker claims to have stolen 50 terabytes of data and to have wiped information from thousands of servers and mobile devices in the process.

Researchers from Halcyon told Cybersecurity Dive the Stryker attack impacted all phones and workstations with an Intune base 64 string. Intune is normally used to push software or manage devices that are base-64 encoded, according to researchers.

Stryker Sued Over Data Breach Following Pro-Iran Cyberattack

A former Stryker Corp. customer service representative sued the medical technology company following a cyberattack on its ordering and shipping systems that a pro-Iran digital activist group took credit for.

Stryker failed to secure the data through systems and practices to mitigate the risks of an attack, Tom Mesmer told the US District Court for the Western District of Michigan on March 13. He and others face a litany of identity theft-related risks, and Stryker failed to sufficiently inform victims, the lawsuit said.

Data Center Rush Poses Conflicts for Law Firms With Energy Ties

The data center boom is a conflict minefield for law firms that count major utilities among their top clients.

Three of the largest firms in Texas—Vinson & Elkins, Baker Botts, and Jackson Walker—are go-to advisers for large regulated utilities Oncor Electric Delivery Co., CenterPoint Energy, and Texas-New Mexico Power. They are now among a slew of firms representing AI data center developers and hyperscalers building multibillion-dollar facilities that require massive amounts of electricity from the state’s power grid.

“There’s a whole host of conflicts that can result,” said John Browning, a former appeals court judge in Dallas. “Law firms in Texas want to cash-in on the business opportunities, but at the same time they also have to navigate that very difficult tightrope of keeping their existing utility clients happy.”

UK’s Companies House confirms security flaw exposed business data

Companies House, a British government agency that operates the registry for all U.K. companies, says its WebFiling service is back online after it was closed on Friday to fix a security flaw that exposed companies' information since October 2025.

Dan Neidle, founder of the non-profit Tax Policy Associates, reported the vulnerability to the U.K. corporate register on Friday after Ghost Mail's John Hewitt (who discovered the flaw) didn't receive a reply.

"All that was required was to log in to Companies House using your own details and access your own company's dashboard. Then opt to "file for another company" and enter the company number for any one of the five million companies registered with Companies House," said Neidle.

"At that point you'd be asked for an authentication code, which of course you don't have. No problem. Press the 'back' key a few times to return to your dashboard. Except – it isn't your dashboard. It's the other company's dashboard."

Neidle added that the flaw exposed the data of five million registered companies for five months, including their management's home and email addresses.

Washington is right: Cybercrime is organized crime. Now we need to shut down the business model

The recently released executive order targeting cybercrime, fraud, and predatory schemes uses language the federal government has often avoided. Now, for the first time, the Trump administration is echoing what the cybersecurity industry has been shouting for years: cyber-enabled fraud is a product of transnational organized crime.

That distinction matters because organized crime requires an organized response.

…

Modern cybercrime groups look less like street gangs and more like corporations. They run structured operations, complete with HR departments, training pipelines, performance metrics, and technology stacks that rival most enterprise companies.

Their attackers don’t rely on sophisticated exploits — they think like expert investigators, systematically probing for weaknesses, exploiting psychological pressure, manipulating insiders, and using deception to move through gaps that defenders left open. They operate around the clock, in every time zone, and increasingly use AI to automate attacks at a scale that once required highly skilled operators.