MEDTRONIC has confirmed a data security incident affecting its corporate IT systems, reporting that an unauthorized party accessed certain internal environments. The disclosure comes after ShinyHunters claimed to have exfiltrated more than nine million records containing personal information and large volumes of internal corporate data, though Medtronic has not verified those figures and says it is still investigating the scope of the incident.
According to ShinyHunters, the group’s claims were made in mid-April and included a ransom deadline, with threats to publish the data if demands were not met; the group later removed Medtronic from its leak site, though no confirmation of negotiations has been provided. Medtronic emphasised that hospital networks used by customers are managed independently and were not exposed through this incident, and an ongoing investigation will determine whether any sensitive data was accessed.
If data exposure is confirmed, affected individuals will be notified and offered support services, and Medtronic stated that it acted quickly by activating incident response measures and bringing in external cybersecurity specialists. The company does not anticipate a material impact on its business or financial performance, but full implications will depend on the investigation’s outcome.