- A major medical device manufacturer disclosed a cyberattack affecting corporate IT systems
- The company emphasized that products, patient safety, and operations remain unaffected
- A ransomware group claimed to have stolen millions of records, though details remain unclear
Medtronic, one of the biggest medical device manufacturers in the world, has confirmed suffering a cyberattack in which crooks “accessed data in certain Medtronic corporate IT systems.”
In a security notification published on its website, Medtronic said the attack does not affect its customers or products, and also stressed it will continue operating as usual, without any disruptions:
“We have not identified any impact to our products, patient safety, connections to our customers, our manufacturing and distribution operations, our financial reporting systems, or our ability to meet patient needs,” Medtronic said in its announcement. “The networks that support our corporate IT systems, our products and our manufacturing and distribution operations are separate.”
Article continues below
Were subsidiaries affected, too?
It said that its hospital customer networks are separate from Medtronic IT networks and are “secured and managed by customers’ IT teams.”
Besides the data breach notification, the company also filed a new 8-K report with the US Securities and Exchange Commission (SEC). Some sources have found that a Medtronic subsidiary called MiniMed Group also submitted a regulatory filing, stating that the attack most likely did not spill into its IT system and that it does not expect any material impact.
Medtronic is widely recognized as the largest pure-play medical device manufacturer in the world by revenue. It operates in more than 150 countries and employs just under 100,000 people.
Last week, the infamous ShinyHunters ransomware group added Medtronic to its website, saying they stole more than nine million records. The records allegedly included personally identifiable information (PII) and internal corporate data. Since then, the Medtronic entry was removed from the leak site, suggesting that the company either paid the ransom or is, at least, negotiating the release of the files.
Medtronic has not yet commented on being removed from the data leak website.
Via BleepingComputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
