Medtronic Confirms Data Breach After ShinyHunters Claims

Medical device giant Medtronic has confirmed a data security incident affecting its corporate IT systems following claims by a cybercrime group that millions of records were stolen. The company said last week an unauthorized party accessed certain internal systems but reported no disruption to products, patient safety or operations. The disclosure follows allegations by ShinyHunters, which listed the firm on its leak site in mid-April. The group claimed to have exfiltrated more than nine million records containing personal information, along with large volumes of internal corporate data. Medtronic has not verified those figures and said it is still investigating the scope of the incident. Corporate Systems Breach Under Investigation According to Medtronic, the intrusion was limited to specific corporate IT environments. The company also emphasized that hospital networks used by customers are managed independently and were not exposed through this incident. An investigation is ongoing to determine whether sensitive data was accessed. If confirmed, affected individuals will be notified and offered support services. The company said it acted quickly after detecting the breach, activating incident response measures and bringing in external cybersecurity specialists. Read more on cybersecurity threats in healthcare: Nine in Ten Healthcare Organizations Use the Most Vulnerable IoT Devices Claims made by ShinyHunters included a deadline for ransom negotiations, with threats to publish the data if demands were not met. The group later removed Medtronic from its leak site, a move that can sometimes indicate negotiations or other developments, though no confirmation has been provided. The incident adds to a growing number of cyber-attacks targeting large healthcare and medical technology organizations. While Medtronic stated it does not expect a material impact on its business or financial performance, the full implications will depend on the outcome of the ongoing investigation and any confirmed data exposure. Infosecurity contacted Medtronic for further information regarding these claims.