Orthopedic implant manufacturer TriMed suffers data breach

TriMed, a California-based manufacturer that develops orthopedic implants to repair or replace damaged or broken joints, reported a data security incident that occurred in September 2025.  

The number of impacted individuals has not yet been confirmed, but TriMed determined that some of the impacted files contained personal information.  

TriMed launched an investigation after detecting suspicious activity within certain systems. It later confirmed that certain files were potentially accessed without authorization between Sept. 13 and Sept. 21, 2025. 

Further review revealed that the impacted files included order forms and invoices for orthopedic implant parts. TriMed said that while these files typically do not contain personal information, some did contain names, dates of birth and medical record numbers. 

"We took steps to address this incident promptly after it was discovered, including initiating an internal investigation and retaining an independent forensic investigation firm to assist us," TriMed stated.  

"Additionally, we have taken steps to further enhance the security of our systems. These efforts include strengthening existing security controls and threat detection practices, as well as integrating a global security operations center, all designed to help prevent this type of incident from recurring in the future. We will continue to review and update our security measures as appropriate." 

TriMed is the latest medical device manufacturer to report a cybersecurity incident. In February, Massachusetts-based UFP Technologies, which designs and manufactures disposable medical devices and sterile packaging, experienced a ransomware attack that potentially caused some of its data to be stolen or destroyed. 

In March, medical device manufacturer Stryker suffered a cyberattack that led to operational disruptions. The cyberattack was claimed by Iran-linked hacking group Handala. During this cyberattack, threat actors used a malicious file to stealthily run commands. The threat actors then gained access to Stryker's Microsoft Intune management console, prompting alerts from U.S. cyber authorities. 

These three incidents affirm the growing trend of cyberthreat actors targeting high-impact vendors and manufacturers. 

Jill Hughes has covered health tech news since 2021.