Medtronic says ShinyHunters hackers stole around 9 million medical records in latest attack

News
By published

Medtronic confirms the attackers' claims

Proactive Cybersecurity Service That Neutralizes Threats Within a Digital Network - Conceptual Illustration
(Image credit: Shutterstock)
  • A major medical device manufacturer disclosed a cyberattack affecting corporate IT systems
  • The company emphasized that products, patient safety, and operations remain unaffected
  • A ransomware group claimed to have stolen millions of records, though details remain unclear

Medtronic, one of the biggest medical device manufacturers in the world, has confirmed suffering a cyberattack in which crooks “accessed data in certain Medtronic corporate IT systems.”

In a security notification published on its website, Medtronic said the attack does not affect its customers or products, and also stressed it will continue operating as usual, without any disruptions:

“We have not identified any impact to our products, patient safety, connections to our customers, our manufacturing and distribution operations, our financial reporting systems, or our ability to meet patient needs,” Medtronic said in its announcement. “The networks that support our corporate IT systems, our products and our manufacturing and distribution operations are separate.”

Article continues below

Were subsidiaries affected, too?

It said that its hospital customer networks are separate from Medtronic IT networks and are “secured and managed by customers’ IT teams.”

Besides the data breach notification, the company also filed a new 8-K report with the US Securities and Exchange Commission (SEC). Some sources have found that a Medtronic subsidiary called MiniMed Group also submitted a regulatory filing, stating that the attack most likely did not spill into its IT system and that it does not expect any material impact.

Medtronic is widely recognized as the largest pure-play medical device manufacturer in the world by revenue. It operates in more than 150 countries and employs just under 100,000 people.

Last week, the infamous ShinyHunters ransomware group added Medtronic to its website, saying they stole more than nine million records. The records allegedly included personally identifiable information (PII) and internal corporate data. Since then, the Medtronic entry was removed from the leak site, suggesting that the company either paid the ransom or is, at least, negotiating the release of the files.

Medtronic has not yet commented on being removed from the data leak website.

Via BleepingComputer

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.