Medtronic disclosed that unauthorized actors accessed certain corporate IT systems between April 13 and April 19, exposing personal and health-related information tied to 3,834,294 individuals. The company said the incident was detected after unusual activity on April 15 and attributed in public reporting to the ShinyHunters extortion group, which claimed to have stolen about 9 million records and briefly listed Medtronic on its Tor-based leak site before the post disappeared. Exposed data may include names, contact details, dates of birth, Social Security numbers, and other health-related information.
Medtronic said it found no impact on medical devices, patient safety, hospital customer networks, manufacturing and distribution operations, financial systems, or care delivery, and added that it has no evidence the stolen data was publicly released online. The company has engaged external cybersecurity experts, notified law enforcement and regulators, and is warning affected people to watch for phishing, social engineering, and unauthorized account activity while offering 24 months of credit monitoring, dark web monitoring, and identity theft recovery services.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
5 events from the most recent confirmed update back to the earliest known activity.
Medtronic disclosed that 3,834,294 individuals were affected by the breach and began notifying them. The company said exposed data may include personal, medical, and government identifier information, and offered 24 months of credit monitoring and identity theft services.
Medtronic's investigation found the unauthorized access to certain corporate IT systems continued through April 19, 2026. The company later said its devices, care delivery, and core operations were not impacted.
The ShinyHunters extortion group listed Medtronic on its Tor leak site on April 18, 2026, claiming it had stolen more than 9 million records. The listing was later removed.
Medtronic said it detected unusual activity on April 15, 2026, which led to an investigation into unauthorized access to its corporate IT systems. The company also engaged external cybersecurity experts, law enforcement, and relevant regulators.
Medtronic said an unauthorized actor accessed certain corporate IT systems starting on April 13, 2026. The intrusion was later determined to have exposed personal information.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
6 references tracked. Mallory keeps watching after this page renders.
cyberveille.ch
Open sourcetherecord.media
Open sourcesecurityaffairs.com
Open sourcecysecurity.news
Open sourceteiss.co.uk
Open sourcecyberveille.ch
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.