Cybercrime Gang ShinyHunters Claimed to Steal 9M Records
In a troubling revelation, medical device manufacturer Medtronic informed federal authorities that its corporate IT system had been infiltrated by cybercriminals. Despite this breach, the company stated that its products, manufacturing, and distribution operations remain unharmed. Notably, the notorious cybercrime group ShinyHunters has claimed responsibility for this breach, asserting that they have stolen about 9 million of Medtronic’s records.
In a regulatory filing to the U.S. Securities and Exchange Commission, dated Friday, Medtronic clarified that no adverse effects on patient safety or on its electronic connections to customers have been identified. Furthermore, the company stressed that the incident will likely not lead to a significant decrease in earnings.
Based in Minneapolis, Medtronic operates in approximately 150 countries and supports about 79 million individuals globally each year with an extensive suite of devices, ranging from cardiac and neurologic devices to robotic-assisted surgical tools. Financially, the company reported revenues of $33.5 billion for the fiscal year 2025, underscoring its substantial presence in the healthcare landscape.
At the time of this report, Medtronic had not provided additional details to ISMG about the specifics surrounding the cyber incident. ShinyHunters, on the other hand, publicly declared on their dark web site on April 18 that they had acquired 9 million records from Medtronic, which allegedly contained personal identifiable information and internal corporate data. They threatened to release this information unless a ransom was paid by April 21, as reported by BleepingComputer.
This incident is not isolated; ShinyHunters has also claimed responsibility for another recent hack involving home security company ADT, stealing personal identifiable information related to approximately 5.5 million customers. This trend of high-profile breaches raises alarm within the technology and healthcare sectors.
The attack on Medtronic marks at least the fourth significant cyber incident disclosed in recent weeks involving major U.S.-based medical technology manufacturers. Earlier, medical equipment firm Stryker fell victim to a “wiper attack,” which was allegedly orchestrated by the Iranian hacktivist group known as Handala. Stryker, in a previous announcement, has indicated that it anticipates a negative impact on its financial performance for the first quarter, underscoring the broader implications of cyber threats in the industry.
Moreover, California-based TriMed, a manufacturer of implantable orthopedic devices, recently disclosed being targeted by a cybersecurity breach. Similarly, Massachusetts-based UFP Technologies, specializing in single-use medical devices and healthcare supplies, has also acknowledged a data breach. The frequency of these cyberattacks has sparked urgent discussions regarding cybersecurity protocols within the healthcare sector.
Experts are voicing significant concerns regarding the ongoing pattern of cyberattacks on medical device manufacturers. Tim Mackey, who heads the software supply-chain risk strategy at Black Duck, emphasized the urgent need for all players within the healthcare space—ranging from device manufacturers to service providers—to invest heavily in threat modeling and risk assessment. Mackey warned that cybercriminals show little regard for patient safety, putting both healthcare companies and the individuals they serve at considerable risk.
The situation concerning Medtronic and other similar breaches illustrates not only the vulnerabilities faced by healthcare organizations but also raises important questions about the robustness of data protection strategies in an increasingly digital world. As the healthcare industry continues its digital transformation, a strengthened cybersecurity stance will be essential to safeguard sensitive information and maintain trust with patients and stakeholders alike.