- A major medical device manufacturer disclosed a cyber attack affecting the company’s IT systems
- The company stressed that products, patient safety and operations remain unaffected
- A ransomware group claimed to have stolen millions of records, though details remain unclear
Medtronic, one of the largest manufacturers of medical devices in the world, has confirmed that it has been the victim of a cyber attack in which criminals “gained access to data in certain Medtronic IT systems.”
In a security statement published on its website, Medtronic said the attack does not affect its customers or products, and also stressed that it will continue to operate as normal without any disruption:
“We have not identified any impact on our products, patient safety, relationships with our customers, our manufacturing and distribution activities, our financial reporting systems, or our ability to meet patient needs,” Medtronic said in its announcement. “The networks that support our company’s IT systems, our products and our production and distribution activities are separate.”
The article continues below
Were subsidiaries also affected?
It said its hospital customer network is separate from Medtronic’s IT network and is “secured and managed by the customers’ IT teams.”
In addition to the data breach notification, the company also filed a new one 8-K report with the US Securities and Exchange Commission (SEC). Some sources have learned that a Medtronic subsidiary called MiniMed Group also submitted a regulatory filing stating that the attack most likely did not enter its IT system and that it does not expect any significant impact.
Medtronic is widely recognized as the largest pure medical device manufacturer in the world by revenue. It operates in more than 150 countries and employs just under 100,000 people.
Last week, the infamous ShinyHunters ransomware group added Medtronic to its website and said they stole more than nine million records. The records allegedly included personally identifiable information (PII) and internal company data. Since then, the Medtronic post was removed from the site of the leak, suggesting that the company has either paid the ransom or is at least negotiating to release the files.
Medtronic has yet to comment on being removed from the website for the data leak.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
