Are You Prepared for a Cybersecurity Incident?
April 14, 2026
From medical device manufacturers to health technology and telehealth companies, recent cyber incidents show how exposed the sector remains to operational disruption, data compromise, and reputational harm. In an environment shaped by growing digital dependence, sophisticated threat actors, and heightened geopolitical tension, companies should take a fresh look at whether their cybersecurity and incident response programs are ready for what comes next.
Medical Device and Health Tech Hit by Cyber Attacks
Recent incidents affecting companies across the sector illustrate how cybersecurity events can disrupt not only data environments, but also core business functions such as manufacturing, order processing, shipping, and customer support. For medical device and pharmaceutical manufacturers, these developments reinforce the need to take stock of their cybersecurity and privacy programs in light of continued cyberattacks targeting high-value data and systems in the health tech and medical products industries. These risks can be heightened by current geopolitical circumstances.
CareCloud
On March 16, CareCloud, a major healthcare technology and electronic health record (EHR) vendor, disclosed a security incident in a Securities and Exchange Commission filing. In that filing, the company stated that it “believes that the incident was caused by an unauthorized third party who temporarily had access to the system.” CareCloud also noted that it “continues to assess whether, and the extent to which, patient information or other data was accessed or exfiltrated.”
Stryker
On March 11, Stryker announced that it had been the victim of a cyberattack that caused global disruptions across numerous internal systems supporting order processing, manufacturing, and shipping.
The attack targeted Stryker’s Microsoft environment, impacting some product ordering systems Stryker operated. The company indicated that its investigation determined the attack had not impacted the safety or effectiveness of any medical devices. An Iran-affiliated hacking group took credit for the incident, highlighting how geopolitical circumstances can elevate cyberthreats.
Hims & Hers
Telehealth provider and online pharmacy Hims & Hers discovered a data breach impacting its customer service platform on February 5. While the company reported medical records were not compromised, various support tickets containing personal information were accessed without authorization. Some reports indicated that the breach resulted from compromised “single sign-on” accounts obtained through social engineering targeting company employees.
Practical Implications
FDA-regulated companies should take note. Elaborate and sophisticated cyberattacks continue to ramp up in an increasingly online world of big data, connected devices, third-party software vendors, and artificial intelligence-powered tools. As we’ve previously noted, companies that handle sensitive patient information or manufacture medical products should evaluate whether their current cybersecurity and privacy protections are sufficient and whether they have a documented, workable plan for responding to incidents.
“It is critical for companies handling sensitive information to deploy, monitor, and update cybersecurity and privacy programs, including a robust cyber incident response plan. Cyberattacks against the industry are not going away and AI-powered tools make these attacks easier than ever to deploy.”
Paul Rothermel, Managing Attorney
How Gardner Law Can Help
Gardner Law works with drug and device manufacturers to operationalize regulatory expectations, develop information security program policies and procedures, and ensure adherence to compliance frameworks including HIPAA and other privacy and security laws and regulations. Whether you’re in a research phase or fully commercialized, now is the time to evaluate your security posture, identify gaps, and build or enhance your security measures to protect your company’s critical information assets. Contact us to get started.