🟠 High | Source: The Register — Security
Medtronic, a major medical device manufacturer producing pacemakers and insulin pumps, has notified patients that their health data may have been stolen in an attack by the ShinyHunters cybercrime group. The disclosure comes months after the breach occurred, raising concerns about the delayed notification of affected individuals. The incident exposes sensitive personal and medical data, carrying significant risks for patient privacy and potential downstream fraud.
Security Architect’s Take: If your organisation handles healthcare or medical IoT vendor data, audit third-party data-sharing agreements and ensure breach notification SLAs are contractually enforced. Review data minimisation practices and confirm that sensitive health data held by supply chain partners is covered by your incident response and notification procedures.
Original advisory: Pacemaker manufacturer Medtronic warns patients cybercrooks may have swiped health data