June 20, 2014 by Arezu Sarvestani
Medtech titan Medtronic reveals that it and 2 other device makers suffered cybersecurity breaches last year.
Medtronic (NYSE:MDT) revealed today that it was the target of a digital attack sometime in 2013, seeming to confirm rumors that circulated earlier this year regarding a hack of some of the medtech’s top players.
Medtronic reported in regulatory filings today that it and 2 other unnamed “large medical device manufacturers” were targeted by hackers appearing to originate from Asia. Those infiltrators didn’t breach any patient data, Medtronic assured regulators.
Medtronic offered few other details regarding the hack, but the disclosure seems to fall in line with an reports earlier this year that Chinese hackers targeted systems at Medtronic, Boston Scientific (NYSE:BSX) and St. Jude Medical (NYSE:STJ).
Josh, considering the type of PHI and HIPAA information that Medtronic, this is really unfortunate. I just want to add that breaches will continue to happen so long as companies are lax about information security, and that’s unfortunate. What’s needed for helping ensure the safety and security of one’s I.T. environment are the following three (3) mandates: (1). Well-written information security policies and procedures – those that are actually followed! (2). Annual security awareness training for employees – structured training protocol that effectively discussed leading I.T. security threats and challenges, along with best practices. (3). Proper provisioning and hardening of information systems – such as removing default accounts an insecure and unnecessary services and protocols. The very best defense any company can have for ensuring the safety and security of organizational assets are employees who actually care about the organization and are highly trained in regards to identifying threats or concerns to the company as a whole.