On approximately 31 March 2026, a California-based maker of implantable orthopedic devices disclosed it had been the victim of a cybersecurity incident. DataBreachToday reported the company as the ’latest medical device maker in recent weeks to disclose a cybersecurity incident,’ suggesting a pattern of similar attacks against medical device manufacturers in early 2026. Implantable orthopedic devices include spinal implants, joint replacements (hip, knee, shoulder), bone plates, and screws. California-headquartered implantable orthopedic device companies include Alphatec Holdings (Carlsbad, CA — focused on spinal systems), Surgalign (previously Holo Surgical), Conformis, and others. The breach of a medical device manufacturer raises concerns beyond standard data privacy: potential exposure of proprietary device designs, patient implant registries, clinical trial data, FDA 510(k) regulatory submissions, and manufacturing specifications. Medical device intellectual property is a high-value target for both financially motivated criminals and nation-state actors engaged in industrial espionage. The US FDA’s cybersecurity requirements for medical device manufacturers (strengthened under the Consolidated Appropriations Act of 2023) require device makers to maintain robust cybersecurity programmes and disclose vulnerabilities. The company notified relevant regulatory bodies and was investigating the scope of the breach.