MEDTRONIC confirmed a breach of its IT systems after ShinyHunters claimed to have stolen over 9 million records, according to the company's press release and subsequent reporting. The firm said an unauthorized party accessed data in certain Medtronic corporate IT systems, but it found no impact on products, patient safety, operations, financial systems or care delivery, noting that its networks are separate from hospital networks.
Medtronic added that it had contained the breach and activated incident response with external cybersecurity experts, and that it is assessing whether personal data was exposed and will notify affected individuals if there is exposure. On 18 April, ShinyHunters listed the theft on its Tor data leak site, claiming the data included personal information and internal files, with an April 21 deadline for ransom that was not paid, after which the listing disappeared.
Medtronic has 90,000 employees and operates in 150 countries, and the company said it will notify and support affected individuals if data exposure is confirmed.