Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Medtronic Data Breach Impacts 3.8 Million People

In April, ShinyHunters accessed the company’s corporate IT systems and stole patients’ personal and medical information.

Medical technology giant Medtronic is notifying more than 3.8 million individuals that their personal and medical information was compromised in a recent data breach.

The incident occurred in April 2026, when the infamous extortion group ShinyHunters accessed the company’s corporate IT systems.

Medtronic confirmed the attack in late April, noting that its products and manufacturing and distribution operations were not affected.

ShinyHunters had added the company to its Tor-based leak site on April 17, claiming the theft of over 9 million records of personal information, and terabytes of corporate data.

The group has since removed Medtronic from the website, which suggests that the company might have paid a ransom to recover the stolen information.

This week, the medical technology titan started sending written notification letters to the affected individuals, confirming that the hackers stole patients’ personal and medical information, including names, contact details, dates of birth, Social Security numbers, and health-related details.

Advertisement. Scroll to continue reading.

“We have no evidence that any of that information was posted publicly or exposed on the internet,” reads a copy of the company’s notification letter (PDF) submitted to the California Attorney General’s Office.

Medtronic told the Indiana Attorney General’s Office that 3,834,294 individuals were affected by the incident.

The company is providing them with 24 months of free credit monitoring, dark web monitoring, and identity theft restoration services.

“Medtronic has implemented additional safeguards and continues to work with third-party cybersecurity experts to identify opportunities to further strengthen the security of its systems. Medtronic has also worked with law enforcement and is notifying relevant regulatory authorities,” the company said.

Related: Aflac Japan Data Breach Impacts 4.38 Million

Related: Nissan Employee Data Breached in Oracle PeopleSoft Hack

Related: More Klue Breach Victims Identified as Hackers Get Hacked

Related: Xsolis Data Breach Affects 1.4 Million Individuals

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.