Medtronic Confirms Major Cyberattack by ShinyHunters Syndicate
In-depth analyses of real-world cyber incidents and emerging threat trends, authored exclusively by our analysts.
Medtronic, one of the biggest medical device manufacturers in the world, has confirmed suffering a cyberattack. The company admitted that criminals accessed data in certain corporate IT systems. Medtronic provides a wide range of solutions from pacemakers to surgical robots and employs over 95000 people across 150 countries.
Patient Safety and Segregated Networks
In a security notification published on its website, Medtronic stressed it will continue operating as usual without any disruptions. The attack does not affect its customers or products.
We have not identified any impact to our products, patient safety, connections to our customers, our manufacturing and distribution operations, our financial reporting systems or our ability to meet patient needs.
The company emphasized that the networks supporting corporate IT systems are completely separate from product operations. Furthermore, hospital customer networks remain entirely separate from Medtronic IT networks and are secured by the IT teams of the hospitals.
Subsidiary Status
Besides the main data breach notification, the company filed a new regulatory report with the SEC. A subsidiary named MiniMed Group also submitted a filing. They stated that the attack most likely did not spill into their own IT system and that they do not expect any material impact from the incident.
The Ransomware Ultimatum
The infamous ShinyHunters cybercrime group listed Medtronic on its leak website on April 17. The hackers claimed to have compromised more than 9 million records. These files allegedly contained personal information along with terabytes of corporate data. The group gave the company until April 21 to pay a ransom, threatening to leak the stolen data.
The Aftermath and Investigation
Medtronic has since been removed from the leak website of the hackers. This removal strongly indicates that the organization may have paid a ransom or is actively negotiating the release of the files. The company has yet to confirm the exact theft of data but says it is working to identify any personal information that may have been accessed.
