Medical device supplier Medtronic hit with cyber attack
- 28 April 2026
- Medtronic has been hit with a cyber attack that led to unauthorised access to some of its IT systems
- The firm said it has not identified any impact to its products or patient safety
- It added that it is “working to identify any personal information that may have been accessed"
Medical device supplier Medtronic has been hit with a cyber attack that led to unauthorised access to some of its IT systems.
The global firm, which develops and manufactures devices for more than 70 chronic conditions, has recently been working with Manchester University NHS Foundation Trust to co-develop AI and robotic surgery solutions.
In a public statement, published on 24 April 2026, the firm said that said that patient safety had not been impacted by the incident, which saw an authorised party acess date in its corporate It systems.
“We have not identified any impact to our products, patient safety, connections to our customers, our manufacturing and distribution operations, our financial reporting systems or our ability to meet patient needs.
“The networks that support our corporate IT systems, our products and our manufacturing and distribution operations are separate. Hospital customer networks remain separate from Medtronic IT networks and are secured and managed by customers’ IT teams,” the statement said.
Medtronic confirmed that it had immediately taken steps to contain the incident, activated its incident response protocols and “engaged leading cyber security experts to support our investigation and remediation actions”.
It added that it is working to identify if any personal information had been accessed and would provide “notifications and support services as needed”.
Medtronic is one of the world’s largest medical device manufacturers, headquartered in Ireland, with operations spanning more than 150 countries.
The company develops and produces technologies, including insulin pumps, cardiac devices, surgical tools, and patient monitoring systems.
Commenting on the incident, Tim Mackey, head of software supply chain risk strategy at Black Duck, said, “Whenever there is an attack on society’s critical systems, whether we’re talking about critical infrastructure or, as is the case with Medtronic, a critical provider of healthcare technologies, this represents an opportunity for all defensive teams to review how they segment users, data, and operations.
“For example, an attack on a medical device manufacturer shouldn’t directly impact healthcare providers unless that attack exfiltrated product designs and software.
“If such an exfiltration were to occur, inspecting those designs and software shouldn’t expose any product weaknesses unless that data wasn’t encrypted at rest.
“If an exfiltration occurred or malware was installed on product or manufacturing workstations, then patient risk might be compromised unless additional reviews are performed.
“In this case, Medtronic states that only corporate IT systems were involved, and that corporate networking is separated from product and operations.
“Mitigating cyberattacks is a defence-in-depth exercise, which starts with controlling access, such as with zero-trust architectures and network management.”
Read more about NHS cyber resilience and recovery in our latest Insights Report.
