Medtronic says cyberattack did not disrupt its operations

Large medical devices maker Medtronic on April 24 said it was hit by a cyberattack that led to unauthorized access to data in some of its corporate IT systems. 

However, in a statement, Medtronic said it had not identified any impact to its products, patient safety, or connections to its customers, manufacturing and distribution operations, financial reporting systems, or the company’s ability to meet patient needs.

“The networks that support our corporate IT systems, our products and our manufacturing and distribution operations are separate,” said the company. “Hospital customer networks remain separate from Medtronic IT networks and are secured and managed by customers’ IT teams.”

The attack raised some eyebrows because it was reportedly claimed by Handala, the same group that was behind the attack on Stryker March 11 that led to service disruptions. This was the second publicly reported attack on a large medical device maker since the war with Iran started Feb. 28.

“Handala didn't target Medtronic by accident,” said Amir Khayat, co-founder and CEO of Vorlon. “Critical infrastructure, complex vendor networks, sensitive data, and known security gaps make healthcare one of the most attractive targets in the world. The teams that find out their exposure after an incident are the ones who never looked before it."

Khayat pointed out that Medtronic runs one of the largest medical device companies in the world. And, while it’s good news that its operations weren't disrupted, Khayat said security teams should not take that news as the main headline.

“The attacker got in, and data was accessed,” said Khayat. “And, the investigation into what was actually touched is still ongoing.”

Agnidipta Sarkar, chief evangelist at ColorTokens, said this attack highlights the escalating threat landscape facing the healthcare and medical technology sectors. While Medtronic successfully contained the breach to its corporate IT network, preventing disruption to its manufacturing and product lines, the incident underscores the critical need for robust measures so teams are ready for the next possible breach.

“At the heart of the challenge are high levels of both complexity and uncertainty,” said Sarkar. “Technologies such as microsegmentation, especially agentless with EDR, contribute significantly to building this capability.”