Medtronic Notifies 3.8 Million After ShinyHunters Data Breach


Medtronic Notifies 3.8 Million After ShinyHunters Data Breach

Pierluigi Paganini
July 05, 2026

Medtronic says a ShinyHunters attack exposed the personal and medical data of over 3.8 million people. Products and operations were unaffected.

Medtronic is notifying 3,834,294 individuals after a cyberattack by the ShinyHunters extortion group exposed personal and medical information.

In April 2026, Medtronic confirmed a cyberattack on its corporate IT systems after the hacker group ShinyHunters claimed to have stolen over 9 million records. The company did not share details on the security breach.

Medtronic is an international medical equipment giant with 90,000 employees and operations in 150 countries. It is the largest medical device maker in the world by revenue ($33.5 billion) and also develops healthcare technologies and therapies.

The company said an unauthorized party accessed data in some corporate IT systems. It found no impact on products, patient safety, operations, financial systems, or care delivery. The company noted its IT, product, and manufacturing networks are separate, and hospital networks remain independently managed and secure.

“Medtronic has determined that an unauthorized party accessed data in certain Medtronic corporate IT systems. We have not identified any impact to our products, patient safety, connections to our customers, our manufacturing and distribution operations, our financial reporting systems or our ability to meet patient needs.” reads the press release published by the company. “The networks that support our corporate IT systems, our products and our manufacturing and distribution operations are separate. Hospital customer networks remain separate from Medtronic IT networks and are secured and managed by customers’ IT teams.”

Medtronic states it had contained the breach and activated incident response with the help of external cybersecurity experts. It’s assessing if personal data was exposed and will notify affected individuals, offering them support.

On April 18, ShinyHunters added the firm to its Tor data leak site, claiming the theft of over 9 million records, including personal data and internal files. Initially, the group threatened to leak the data if the ransom was not paid by April 21, but the listing has since disappeared. The company is investigating and says it will notify and support affected individuals if data exposure is confirmed.

This week, the technology firm started sending notification letters to the impacted individuals. Medtronic said the breached data may include patients’ names, contact details, dates of birth, Social Security numbers, and health information. The company added that it has found no evidence the stolen information has been publicly released or exposed online.

“On April 15, 2026, Medtronic became aware of unusual activity on certain corporate IT systems. Medtronic launched an investigation with the assistance of leading third-party cybersecurity experts to determine the impact and scope of the incident. The investigation determined that from April 13 to April 19, 2026, an unauthorized actor accessed certain Medtronic corporate IT systems.” reads the data breach notification. “With the assistance of data review specialists, we have been working diligently to determine the types of information that may have been subject to unauthorized activity and to whom they relate. What Information Was Involved? As a patient with a Medtronic medical device, our company collects data related to you in order to provide important product-related updates and to meet our legal obligations. The investigation to date has determined that the following types of information may have been impacted: name, contact information, date of birth, Social Security number, and health-related information. We have no evidence that any of that information was posted publicly or exposed on the Internet.”

Medtronic is offering 24 months of free credit monitoring, dark web monitoring, and identity theft recovery services to those impacted.

“Medtronic is committed to and takes very seriously our responsibility to safeguard all data entrusted to us.
As part of our ongoing commitment to the security of personal information in its care, Medtronic has implemented additional
safeguards and continues to work with third-party cybersecurity experts to identify opportunities to further strengthen the security
of its systems.” concludes the notification. “Medtronic has also worked with law enforcement and is notifying relevant regulatory authorities. In addition, we are offering you access to 24 months of complimentary credit monitoring, dark web monitoring (monitoring certain online sources for publication of personal information), and identity theft restoration services through Epiq. Details on the service and instructions for enrollment can be found in the enclosed Epiq – Privacy Solutions ID.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)







Source link

Leave a Reply

Subscribe to Our Newsletter

Get our latest articles delivered straight to your inbox. No spam, we promise.

Recent Reviews


1,000W, 10-port charger for $45... predictably disappointing.

1,000W, 10-port charger for $45… predictably disappointing. 

Adrian Kingsley-Hughes/ZDNET

Follow ZDNET: Add us as a preferred source on Google.


ZDNET’s key takeaways

  • Things that look “too good to be true” invariable are just that.
  • This example got dangerously hot in a short period of time before dying. 
  • There’s no legitimate charger that comes close to delivering on the 1,000W promise.

Being a tech reviewer for a living means that I get offered some very interesting things. Not interesting as in Bugatti supercars or jewel-encrusted Fabergé eggs, but interesting as in “this thing could easily be a fire hazard — want to take a look?”

Also: The best GaN chargers of 2026: Expert tested

Submissively, I often say yes. And I’m glad I did with the most recent pitch, because it was very interesting indeed.

Meet the “interesting” charger

This time around, the thing of interest was a charger that claimed to deliver an incredible 1,000W through its ten ports — four 140W USB-C ports, four 100W USB-C ports, and two 20W USB-A ports. 

The person who bought this charger told me that they’d plugged it in, used it to charge their phone for “a few minutes,” got worried when it became “a little hot,” and unplugged it.

That's a lot of promise... but (spoilers), they don't deliver!

That’s a lot of promise… but (spoilers), they don’t deliver!

Adrian Kingsley-Hughes/ZDNET

The unit was suspiciously light and plasticky, especially given its built-in power supply. Compare this to Ugreen’s Nexode 500W charger, which weighs a hair under 5 lb.

There was also a slight whiff of melty plastic, which made me think that this had been a bit more than a little hot. 

Also: This $4 router reboot timer is the cheap internet fix I didn’t know I needed – and it works reliably

Color me suspicious, but I had a gut feeling that the only way this charger would be able to push out 1,000W would be if it caught fire. 

Turns out I wasn’t far wrong.

How long would it last? Answer: Minutes

Talk is cheap. It was time to test the charger. 

So I plugged it in, turned it on, and started using it. Within a couple of minutes of starting to use it, I noticed a few things:

  • No matter what I tried, I couldn’t persuade the charger to deliver more than about 60W from any of the ports. 
  • As for peak output, I managed to get close to 250W.
  • The power output was very uneven and noisy, fluctuating wildly. The more ports I used, the worse it got.
  • The unit got very hot to the touch very quickly, even under light loads. 
  • But… before I could get the thermal camera out to check how hot it got, there was a pop and the unmistakable smell of “Magic Smoke.” The charger had been sent to Silicon Heaven within minutes.

Annnnd… POP! This is the moment the charger gave up the ghost.

Adrian Kingsley-Hughes/ZDNET

Diagnosis time

Time to take it apart and have a look inside. For an item that plugged into the mains power, this unit was shockingly easy to take apart. 

A thin sheet of easily removable plastic is a that separates curious hands from live AC power.

A thin sheet of easily removable plastic is a that separates curious hands from live AC power.

Adrian Kingsley-Hughes/ZDNET

And even unplugged and broken, it was capable of delivering zaps! If the case came off while this was plugged into an outlet, it could very easily be deadly.

There’s charge still in some of the capacitors, and these could deliver quite a zap despite the unit being broken and unplugged!

Adrian Kingsley-Hughes/ZDNET

After getting inside, the unit was filled with a grey goo that I’d seen in a previous disappointing charger I’d taken apart. This is a thermal paste that’s used to try to dissipate the heat generated by the components. 

It’s not really going to work because it’s sealed in a plastic box with no effective heatsink. It’s a token gesture at best. At worst, it creates a mass that’ll slowly heat up and hold temperature because it’s got no way to get rid of it.

Behold the grey goo!

Adrian Kingsley-Hughes/ZDNET

Next to this goo was a bank of capacitors — the black cylinders in the photo — which were the cause of the failure. They’d clearly overheated, with three of them showing signs of bulging.

The problem!

Adrian Kingsley-Hughes/ZDNET

Well there’s the problem!

I also noticed that two of the components — bridge rectifiers that are used to turn AC mains into DC — have been fixed on an angle to make the touch a metal heatsink. It’s not really an effective way to cool down components.

The bottom line

Another “too good to be true” device bites the dust. It’s not the first one I’ve come across, and it won’t be the last.

Moral of the story here is that manufactures are using big number marketing — in this case 1,000W and masses of ports — to scalewash poor quality products. 

This might be a half-decent product if it was built to deliver 100W, but there’s no end of competition at that end of the market. Silkscreen “1,000W” on the outside, sprinkle in a few reviews that feel scripted and fake, and all of a sudden it’s interesting and exciting… right up until it blows up. 

Also: My top 7 laptop-bag essentials now, after decades of remote work

I know of no 1,000W charger. In fact, the 500W Ugreen Nexode is the highest-power charger that I’ve tested that’s legit. And the price is also legit — $250. 

But it’s built to deliver on what it promises and is packed with safety features, including “tip-over protection,” which cuts the output when the unit tips over and prevents it from falling on its side, where it can’t dissipate heat effectively. Now that’s an attention to safety that I like to see in a product that handles that much power. 

But if you want 1,000W of output, you’ll have to buy two and duct tape them together.





Source link