How to Best Protect Your Hospital After the Incidents at Stryker and Intuitive

Within a span of days, two of the most recognizable names in medical technology, Stryker Corporation and Intuitive Surgical, disclosed separate cybersecurity incidents.  When manufacturers and solutions providers in the healthcare ecosystem see incidents, CISOs and IS teams need to know how best to protect their networks, devices, and cybersecurity infrastructure.

This post summarizes what is publicly known about each event and what steps healthcare delivery organizations (HDOs) should take to reduce the risk associated with these incidents.

The Stryker Incident: A Destructive Wiper Attack on Corporate Infrastructure

On March 11, 2026, Stryker, a global manufacturer of orthopedic implants, surgical equipment, hospital beds, and robotic-assisted surgery systems, disclosed a cyberattack that disrupted its global Microsoft environment. The company confirmed it was “experiencing a global network disruption to our Microsoft environment as a result of a cyber attack” and noted that it believed the incident was contained, with no indication of ransomware or malware in its patient-facing systems. The company has committed to providing ongoing updates and emphasized that patient care continuity remains its highest priority.

The Intuitive Incident: A Targeted Phishing Compromise

On March 13, 2026, Intuitive Surgical, the maker of the da Vinci robotic surgery platform and the Ion endoluminal system, disclosed that an unauthorized third party had accessed information from certain internal IT business applications through a targeted phishing incident.

According to Intuitive’s public statement, the breach occurred through a compromised employee account that provided access to the company’s internal business administrative network. The accessed data includes some customer business and contact information, as well as Intuitive employee and corporate data. Explicitly stated, the information was not obtained from its da Vinci or Ion systems, which were not impacted and continue to be safe and operational.

Upon discovery, Intuitive activated its incident response protocols, secured all affected applications, and initiated an investigation. The company is communicating with affected customers and notifying appropriate data privacy regulators. The investigation remains ongoing.

What Healthcare Organizations Should Do Now

These incidents offer a practical prompt to revisit several security fundamentals.

1. Inventory your connected devices and vendor dependencies. Every medical device in your environment has a manufacturer, and many have ongoing software update dependencies, data-sharing relationships, or network integrations with that manufacturer. A comprehensive, continuously updated inventory of connected devices, including their communication profiles and external dependencies, is the foundation of an effective response posture.
2. Assess exposure from third-party relationships. When a vendor experiences a security incident, HDOs with existing data-sharing arrangements or connected platform integrations should evaluate potential exposure. This means reviewing what data has been shared, what systems are interconnected, and whether any network traffic warrants additional monitoring.
3. Strengthen defenses against phishing-based credential theft. The Intuitive incident is a reminder that phishing remains one of the most effective paths into an organization. Accounts with access to sensitive business systems should be protected with phishing-resistant multi-factor authentication, and anomalous login activity should trigger automated alerts.
4. Segment medical devices and IoMT thoughtfully. Connected medical devices – surgical robots, infusion pumps, patient monitoring systems – should be logically separated from broader corporate IT infrastructure. This limits lateral movement potential if either side of the network is compromised, and reduces the blast radius of any single incident.
5. Establish vendor communication protocols. Both Stryker and Intuitive responded by proactively communicating with customers about what was and was not affected. HDOs should have clear internal processes for receiving and acting on these notifications, and should know who is responsible for coordinating the clinical, IT, and procurement responses when a key vendor is impacted.
6. Review supply chain continuity plans. The Stryker disruption affected order processing, manufacturing, and logistics. Hospitals that depend on a narrow set of suppliers for critical surgical supplies should evaluate whether their continuity plans adequately address an extended vendor outage, including procedures for sourcing from alternative suppliers when necessary.

A Note on Medical Device Safety

Both companies have been clear on this point, and it is worth emphasizing: the clinical devices associated with each company – Stryker’s Mako systems, LIFEPAK devices, and Vocera); Intuitive’s da Vinci and Ion platforms were not compromised and remain safe to use. The disruptions in each case were confined to corporate and business infrastructure.

This distinction matters for clinical teams, IS, and hospital leadership responsible for making real-time operational decisions. It is also a useful reminder of the value of security architectures that maintain clear separation between device functionality and corporate IT environments.

Risk Mitigation in the Broader Context of Healthcare

These two incidents arrive at a moment when the healthcare sector is managing an elevated volume of cyber threats. The attack surface has grown significantly as HDOs deploy more connected devices, adopt cloud platforms, and integrate more deeply with technology vendors. Each connection that improves care coordination or operational efficiency also introduces potential exposure.

At Asimily, our focus is on giving healthcare organizations the deep device-level visibility, risk prioritization, and mitigation they need to do exactly that – for all the connected devices already inside the hospital, and for the broader ecosystem of vendor relationships and supply chain dependencies that surround them. Asimily is closely monitoring both incidents and will provide updates to this article as new developments occur.