Medtronic, the company that makes pacemakers, insulin pumps, and other life-saving medical devices used by millions of people worldwide, has confirmed that hackers broke into its corporate IT systems and stole personal data. The ShinyHunters cybercrime gang listed Medtronic as a victim on April 18, claiming the theft of more than 9 million records containing personal information, along with terabytes of internal corporate files.
Medtronic says the attack did not affect its medical devices, patient safety, or its ability to manufacture and ship products. However, the 9 million stolen records reportedly contain personally identifiable information — the kind of data that can be used for targeted phishing attacks, medical identity fraud, or fraudulent insurance claims. Medical data is especially prized by criminals because it rarely changes and can be combined with other stolen records to build convincing fake identities. Medtronic is no longer visible on ShinyHunters’ public leak site, suggesting a possible agreement was reached, but the data has already left the company’s control.