Stryker Corp. revealed that the cyberattack which occurred last month had a material impact on its operations and will impact its financial results for the first quarter of 2026. However, the company said in an SEC filing that it is now fully operational and does not expect the incident to have a material impact on its 2026 full-year guidance.
Stryker Corp. is scrambling to recover from a cyberattack that’s disrupting its global network and being claimed by pro-Iranian hackers. “At this time, there is no indication of malware or ransomware, and we believe the situation is contained to our internal Microsoft environment only,” the Kalamazoo, Mich.-based med-tech company said March 12.
The U.S. FDA released the latest version of its premarket cybersecurity guidance regarding medical devices, replacing the 2025 edition and offering recommendations on implementing measures for preventing digital attacks or authorized access.
The Advanced Research Projects Agency for Health (ARPA-H) is taking aim at the shortage of medical services with a program designed to foster development of micro-robots, or microbots, which will autonomously conduct part or all of a variety of surgical procedures.
The U.S. Department of Justice announced July 31 that Illumina Inc. agreed to pay $9.8 million to settle allegations it sold genomic sequencing equipment that suffered from cybersecurity problems. The settlement concludes a qui tam lawsuit filed by a former employee and highlights the hazards of poor cybersecurity for med-tech firms.
The U.S. Federal Trade Commission announced a $14.6 million grant it received for an upgrade of its IT infrastructure. The same grant mechanism is leveraged by the Department of Justice, which is a clear sign that U.S. enforcement will be more vigorously enabled by sophisticated analytics going forward.
The continuing proliferation of U.S. state privacy law drew the attention of developers of med-tech wearables for some time, but a recent Senate hearing delivered the news to Congress that a failure to preempt it will slow digital health innovation to a crawl.
The U.S. FDA finalized the latest edition of its premarket cybersecurity guidance, but the agency is of the view that any device with software is subject to the terms of the guidance even though the statute would seem to exempt device software that lacks connectivity.
The U.S. FDA’s authority to require cybersecurity measures in premarket submissions is a radical change for industry, but firms must document that they have erected solid cybersecurity measures.
Makers of digital health apps are not often subject to the provisions of the Health Insurance Portability and Accountability Act (HIPAA), but any such liabilities may soon become more onerous. The Department of Health and Human Services released a draft update for HIPAA cybersecurity mandates – the final version of which is sure to be accompanied by much more vigorous enforcement.
