Cyberattack on Masimo Patient Monitoring Device Company

by

Masimo, a producer of patient monitoring devices, submitted a Form 8-K to the U.S. Securities and Exchange Commission (SEC) to notify investors concerning a cyberattack that has impacted its production facilities. Masimo stated some of its production facilities were running at under normal levels from the time of the attack, which is impacting the company’s capability to process, carry out, and deliver customer purchases.

Masimo is an international producer of patient monitoring devices, such as brain and breath monitoring, blood oxygen saturation and pulse rate monitoring, remote patient monitoring systems, and blood constituents. Healthcare companies, doctors’ offices, EMS suppliers, long-term care facilities, and patients use Masimo’s devices.

Masimo discovered unauthorized activity within its on-site system on April 27, 2025. It implemented incident response protocols immediately, like isolating the breached systems to limit the impact of the incident. Third-party cybersecurity experts helped with the investigation and recovery. Maximo reported the incident to the authorities and is managing its action with them. Work is ongoing to securely bring the impacted portions of its system back on the web.

Masimo stated that the investigation is continuing to confirm the total extent, nature, and effect of the attack. Presently, the incident seems to have just impacted its on-site IT accounts. Its web-based systems do not seem to have been impacted. Masimo CEO Katie Szyman stated in an earnings call that the incident has impacted the company’s web page and some computer systems. Although the investigation is continuing and the complete scope of the incident is not yet confirmed, Szyman stated she doesn’t think the incident will affect the company’s financial standing. More information on the precise nature of the attack is not revealed, like whether ransomware was used. At this time of the investigation, there is no certainty that sensitive information was stolen during the attack. No HIPAA violation penalties in sight yet.

James Keogh

James Keogh has been writing about the healthcare sector in the United States for several years and is currently the editor of HIPAAnswers. He has a particular interest in HIPAA and the intersection of healthcare privacy and information technology. He has developed specialized knowledge in HIPAA-related issues, including compliance, patient privacy, and data breaches. You can follow James on Twitter https://x.com/JamesKeoghHIPAA and contact James on LinkedIn https://www.linkedin.com/in/james-keogh-89023681 or email directly at [email protected]