Surmodics still recovering after June cyberattack

Surmodics has revealed that it is still recovering after it was hit by a cyberattack in June 2025.

In a Form 8-K filed with the US Securities and Exchange Commission (SEC), the maker of the Pounce XL thrombectomy system for clot removal said that on 5 June, the US-based company discovered that a third party had gained unauthorised access to ‘certain’ IT systems, rendering them ‘unavailable’ to the company.

Surmodics has been able to continue accepting customer orders and shipping products without any customer impact by using alternative IT systems following the breach. The company noted that to its knowledge, the threat actor had not released any of its data, including any third-party data, or used any such data for any fraudulent purposes. It continues to evaluate the “scope and details of the IT data” stolen in the attack.

Containment measures were initiated once the breach was identified, with certain IT systems taken offline. Surmodics added that it implemented its security incident response plan and that remaining IT systems and data are currently being restored and validated.

Surmodics is not the only medtech company to have experienced a cyberattack this year. In May, medical technology company Masimo revealed that ‘unauthorised activity’ had been detected on its on-premise network in April. The incident disrupted certain activities at the patient monitoring company’s manufacturing facilities and hindered its ability to process and ship customer orders effectively.

According to Masimo, the attack did not affect its cloud-based hospital data systems, with no evidence of any employee or patient data being compromised.

Research indicates that cyberattacks on healthcare organisations are on the rise, due in part to outdated legacy systems and increased vulnerabilities due to the rise of Internet of Things (IoT) devices and the overall richness of the data available to bad actors.

According to KPMG, due to cyber threats, the functioning of healthcare systems has reached a “tipping point”.

With the rise of AI-powered medical transcription tools being deployed in healthcare systems, KPMG states that there is an increasing onus on chief information security officers (CISOs) to ensure that data privacy, access management, and other security protocols are well-developed as a means to protect sensitive patient information.

According to GlobalData, cybersecurity spending by healthcare providers is growing at a CAGR of 12.5% to reach a valuation of $10.9bn by 2027.

"Surmodics still recovering after June cyberattack" was originally created and published by Medical Device Network, a GlobalData owned brand.

Story Continues

The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site.

View Comments