Medtronic confirms breach after hackers claim 9 million records theft

Summary

Medical device manufacturer Medtronic disclosed a breach of corporate IT systems after the ShinyHunters threat group claimed to have stolen over 9 million records containing personally identifiable information. The attackers demanded ransom by April 21 but Medtronic has since been removed from ShinyHunters' public leak site. The company states the breach did not impact patient safety, products, or manufacturing operations, as those systems are segregated from corporate IT networks.

Full text

Medtronic confirms breach after hackers claim 9 million records theft By Bill Toulas April 27, 2026 09:50 AM 0 Medical device giant Medtronic disclosed last week that hackers breached its network and accessed data in “certain corporate IT systems.” The confirmation comes after the infamous data extortion group ‘ShinyHunters’ claimed the intrusion and the theft of more than 9 million records from the company. Medtronic is an international medical equipment giant with 90,000 employees and operations in 150 countries. It is the largest medical device maker in the world by revenue ($33.5 billion) and also develops healthcare technologies and therapies. Medtronic disclosed the incident on its website, saying that the breach did not impact customers or products and that business operations remained unaffected. “We have not identified any impact to our products, patient safety, connections to our customers, our manufacturing and distribution operations, our financial reporting systems, or our ability to meet patient needs,” reads Medtronic's announcement. “The networks that support our corporate IT systems, our products and our manufacturing and distribution operations are separate.” “Hospital customer networks remain separate from Medtronic IT networks and are secured and managed by customers’ IT teams.” Although Medtronic did not provide additional information about the attack or its perpetrators, threat actor ShinyHunters listed the company among its victims, stating that their breach resulted in the theft "over 9 million records containing PII [personally identifiable information]." The threat actor also claims to have compromised "terabytes of internal corporate data" and pressured the company to pay under the threat of a leak. Source: BleepingComputer The hackers listed Medtronic on April 18 and threatened to release the stolen data unless the company engaged in negotiations for a ransom payment by April 21. Currently, Medtronic is no longer visible on ShinyHunters' data leak site. BleepingComputer has contacted Medtronic with questions, and we will add an update to this post when we receive a response. Meanwhile, the company stated that an investigation is underway to determine whether any personal data has been accessed by the hackers. If customer data exposure is confirmed, Medtronic will send notifications and provide support services to those who need them, the company promised. 99% of What Mythos Found Is Still Unpatched. AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what's exploitable, proves controls hold, and closes the remediation loop. Claim Your Spot Related Articles: Home security giant ADT data breach affects 5.5 million peopleMcGraw-Hill confirms data breach following extortion threatHims & Hers warns of data breach after Zendesk support ticket breachEuropean Commission confirms data breach after Europa.eu hackAura confirms data breach exposing 900,000 marketing contacts

Entities