ENP Newswire - 24 June 2014
Release date- 23062014 - Medtech giant Medtronic disclosed in its most recent annual report that it was victimized by hackers infiltrating the company's computers in two separate incidents-and that two other medical device companies faced similar hacking incidents.
'Medtronic, along with two other large medical device manufacturers, discovered an unauthorized intrusion to our systems that was believed to originate from hackers in Asia,' the annual filing with the SEC said. The other two manufacturers were not named, but in February we reported that the San Francisco Chronicle, citing an unnamed source, had published an article in which source claimed that Medtronic, Boston Scientific, and St. Jude Medical had been collectively hacked during the first half of 2013.
The Star Tribune of Minneapolis says it tried to follow up on the story, but had little luck. 'For security reasons, Boston Scientific does not comment on the specifics of any attempted attacks,' the company told the Star Tribune's reporters on Friday. St. Jude Medical did not return a phone call. The Medtronic filing offered no details about the scale of the attacks or whether any other company information was lost. Medtronic declined to comment beyond its SEC filing to the Star Tribune.
The hackers apparently targeted Medtronic's diabetes unit patient records. In the annual SEC filing, the company said: 'We concluded that the intrusion did not breach any of the databases where we store patient data. While we found no evidence of a breach or inadvertent disclosure of the patient records, we were unable to locate them for retrieval.'
Regarding governmental reporting requirements, Medtronic said, 'We received inquiries from some State Attorneys General regarding whether notification to patients was necessary, and provided them information about our analysis and conclusions that patient data was not affected.'
Medical device cybersecurity is a topic that's been receiving perhaps belated attention of late. As we reported earlier this month, FDA has released a Draft Guidance, 'Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices,' intended to supplement its 'Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices' and 'Guidance to Industry: Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software.'
At the end of April, FBI issued a warning on medical device hacking. And in May, Heartbleed became a worry for medtech as well as consumers across the world.