Intuitive Data Breach Exposes Customer Info

Intuitive, the medical device company known for its da Vinci robotic surgical systems, disclosed a data breach this month resulting from a targeted phishing attack. The company, formally known as Intuitive Surgical Inc., is headquartered in Sunnyvale, Calif., and its systems are installed in hospitals across more than 70 countries.

According to the company's notification, an unauthorized third party accessed information from certain internal IT business applications after compromising an employee's credentials. The exposed data includes customer business and contact information, as well as Intuitive employee and corporate data.

The company has not disclosed the total number of individuals affected by the incident.

How a phishing attack led to unauthorized access

In March 2026, Intuitive announced that it had determined an unauthorized third party accessed information from its internal IT business applications. The breach was the result of what the company described as a "targeted cybersecurity phishing incident," according to a statement posted on its website.

The attacker gained access through an employee's compromised credentials. Those credentials allowed entry into Intuitive's internal business administrative network, where the unauthorized party was able to access certain data. The specific information obtained includes some customer business and contact information, as well as Intuitive employee and corporate data.

Intuitive stressed that the breach did not involve its medical products. The company stated that its da Vinci surgical systems, Ion bronchoscopy platform and digital products were not impacted and "continue to be safe and operational," according to the notification.

The company explained that its network infrastructure is segmented, meaning the networks supporting internal business applications are separate from those that run its manufacturing operations, robotic platforms and digital products.

What Intuitive has done in response

Upon discovering the incident, Intuitive said it activated its incident response protocols and secured all affected applications. The company stated that it took immediate action to assess and contain the breach, begin an investigation, review its security protocols and remind employees of online security training and processes.

Intuitive said it is communicating directly with its customers and notifying appropriate data privacy regulators about the incident. The company stated that the investigation is ongoing and that it will share updates as appropriate.

The company also noted that there has been no impact on its operations or its ability to serve customers. According to the notification, the company's robotic systems "have their own security protocols and operate independently of our internal business network."

The notification did not mention whether Intuitive is offering credit monitoring or identity protection services to those whose information was accessed.

Steps to take if your information may have been exposed

Because the investigation is still ongoing, affected individuals should watch for further updates from Intuitive about the scope of the breach and any additional steps that may be recommended.

Be alert for phishing attempts. People whose information may have been exposed should watch carefully for suspicious emails, phone calls or text messages. Scammers sometimes use stolen contact information to craft convincing messages that appear to come from trusted companies.

Monitor credit reports. Although financial data does not appear to have been part of this breach, it is still a good practice to review credit reports regularly. Consumers can access free credit reports at AnnualCreditReport.com.

Review business accounts. Customers of Intuitive whose business contact information may have been accessed should monitor their business accounts and communications for any unusual activity.