Medical device maker Medtronic acknowledged a network breach affecting corporate IT systems, with hackers claiming access to approximately 9 million records. The company is investigating the scope and impact of the incident.
Medtronic, one of the world's largest medical device manufacturers, disclosed last week that unauthorized actors breached its network and accessed data stored in certain corporate IT systems.
Hackers have claimed responsibility for stealing roughly 9 million records from the company. Medtronic has not independently verified the exact number of affected records or confirmed the full extent of the breach.
The company stated it discovered the unauthorized access and immediately initiated an investigation in cooperation with external cybersecurity experts and law enforcement. Medtronic said it is working to determine what specific data was accessed and is notifying affected individuals as appropriate.
Details remain limited about the breach timeline, attack methods, or which systems were compromised. Medtronic has not disclosed whether the incident affected patient data, employee information, or other sensitive corporate records.
The breach adds Medtronic to a growing list of healthcare organizations targeted by cyber attacks. Medical device and healthcare IT infrastructure has become an increasingly attractive target for threat actors seeking high-value data.
Medtronic manufactures insulin pumps, pacemakers, surgical tools, and other critical medical devices used globally. A significant breach of corporate systems raises questions about potential operational impacts, though the company has not indicated any disruption to device manufacturing or patient care.
The company advised individuals to monitor accounts for suspicious activity and take standard precautions against identity theft. Medtronic is offering complimentary credit monitoring and identity theft protection services to affected parties.
The incident follows regulatory pressure on healthcare organizations to strengthen cybersecurity defenses. Federal agencies including CISA have repeatedly warned about vulnerabilities in medical device ecosystems and urged manufacturers to implement robust security measures.
Medtronic said it continues its investigation and will provide additional information as details become available.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.