Medtronic breach notifications reach 3.8 million people with SSNs and health data exposed
Medtronic has begun notifying about 3.8 million people that their data was exposed in the breach of its corporate IT systems earlier this year, giving a concrete scale to the ShinyHunters attack it first disclosed in April. The exposed information includes names, contact details, dates of birth, Social Security numbers, and health-related data, a more sensitive set than the company initially detailed. The intrusion, which the extortion group claimed involved around nine million records, was limited to corporate systems, with Medtronic saying its products, patient safety, and device networks were not affected. Affected individuals are being offered credit monitoring, and several class-action lawsuits have followed.
- Check
- People who have been customers, patients, or partners of Medtronic should watch for a notification letter, take up any offered credit monitoring, and stay alert to phishing that references Medtronic.
- Affected
- About 3.8 million individuals whose names, contact details, dates of birth, Social Security numbers, and health information were exposed in Medtronic's corporate IT breach; device networks and patient safety were not affected.
- Fix
- Affected people should enroll in the offered monitoring, consider a credit freeze given the exposed Social Security numbers, and treat medical-themed phishing with caution. Organizations should segment corporate IT from clinical systems.