Medtronic confirmed a breach of its IT systems after ShinyHunters claimed the theft of over 9 million records.
Medtronic confirmed a cyberattack on its corporate IT systems after the hacker group ShinyHunters claimed to have stolen over 9 million records. The company did not share details on the security breach.
Medtronic is an international medical equipment giant with 90,000 employees and operations in 150 countries. It is the largest medical device maker in the world by revenue ($33.5 billion) and also develops healthcare technologies and therapies.
Medtronic said an unauthorized party accessed data in some corporate IT systems. It found no impact on products, patient safety, operations, financial systems, or care delivery. The company noted its IT, product, and manufacturing networks are separate, and hospital networks remain independently managed and secure.
“Medtronic has determined that an unauthorized party accessed data in certain Medtronic corporate IT systems. We have not identified any impact to our products, patient safety, connections to our customers, our manufacturing and distribution operations, our financial reporting systems or our ability to meet patient needs.” reads the press release published by the company. “The networks that support our corporate IT systems, our products and our manufacturing and distribution operations are separate. Hospital customer networks remain separate from Medtronic IT networks and are secured and managed by customers’ IT teams.”
Medtronic states it had contained the breach and activated incident response with the help of external cybersecurity experts. It’s assessing if personal data was exposed and will notify affected individuals, offering them support.
On April 18, ShinyHunters added the company to its Tor data leak site, claiming the theft of over 9 million records, including personal data and internal files. Initially, the group threatened to leak the data if the ransom was not paid by April 21, but the listing has since disappeared. The company is investigating and says it will notify and support affected individuals if data exposure is confirmed.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
