Medtronic Notifies More Than 3.8 Million People After Data Breach Linked to ShinyHunters Attack

Views: 85 views

368/69 Tuesday, July 7, 2026

Medtronic, a major global medical device manufacturer, has notified 3,834,294 individuals after a cyberattack linked to the ShinyHunters data extortion group may have exposed certain personal and medical information to unauthorized access. Medtronic is a medical technology and device company with approximately 90,000 employees, operating in 150 countries, and is considered the world’s largest medical device manufacturer by revenue. The ShinyHunters group claimed that it stole more than 9 million records from Medtronic and listed the company on its Tor-based data leak site.

Medtronic stated that, on April 15, 2026, it detected suspicious activity in certain parts of its corporate IT systems and began an investigation with the assistance of external cybersecurity experts. The investigation found that attackers had access to some of the company’s IT systems between April 13 and April 19, 2026. However, Medtronic stated that there was no impact on its products, patient safety, customer connectivity, manufacturing and distribution, financial reporting systems, or its ability to meet patient needs. The company explained that the networks supporting its corporate IT systems, products, and manufacturing are separated from each other. In addition, customer hospital networks remain separate from Medtronic’s IT systems and are managed by each customer’s own IT team.

The information that may have been affected includes names, contact information, dates of birth, Social Security numbers, and health-related information of patients who use Medtronic medical devices. The company stated that it has not found evidence that the information has been publicly released or exposed on the internet. Medtronic said it has contained the incident, implemented additional protective measures, worked with law enforcement, and notified relevant regulatory authorities. The company is also offering affected individuals 24 months of complimentary credit monitoring, dark web monitoring, and identity theft restoration services.

Source: https://securityaffairs.com/194788/cyber-crime/medtronic-notifies-3-8-million-after-shinyhunters-data-breach.html