MEDTRONIC has confirmed a hack after the ShinyHunters cybercrime group claimed to have stolen millions of records, with the site stating it listed Medtronic on its leak page on 17 April and alleging the theft of more than 9 million records containing personal information. The company said it has not identified any impact to products, patient safety, or manufacturing and distribution operations, and noted that the networks supporting its IT systems are separate from hospital networks managed by customers.
SecurityWeek reports that Medtronic has since been removed from ShinyHunters’ website, which the outlet notes could indicate a ransom payment. MiniMed, Medtronic’s diabetes-focused subsidiary, filed a report with the SEC stating its own IT systems were not affected by the incident. Medtronic said it is working to identify any personal information that may have been accessed, and the article credits the company’s communications as the basis for its stance. According to Medtronic, the hospital customer networks remain secured and separate from Medtronic’s own IT networks.