Bottom Line: Medtronic informs 3.8 million people of a data breach from April 2026 in which ShinyHunters extracted millions of records containing patient data.
Medical technology company Medtronic is currently sending notifications to 3,834,294 individuals whose personal and medical data were compromised in a cyberattack in April 2026. The hacker group ShinyHunters had access to names, contact information, dates of birth, social security numbers, and patient records.
The incident occurred in April 2026 but was only publicly confirmed at the end of the month. The group known as ShinyHunters listed Medtronic on its leak platform in the Tor network on 17 April, claiming to have copied more than 9 million records and several terabytes of internal company data. The corresponding entry has since been removed from the platform — a possible indication of a ransom payment to prevent publication.
According to Medtronic’s statements to the California Attorney General, there is no evidence to date that the stolen data has been made publicly accessible or distributed on the internet. The company emphasizes that neither its own products nor manufacturing and delivery have been affected.
For the 3.8 million affected individuals, Medtronic is providing free protective measures for 24 months: credit monitoring, dark web monitoring, and support in the event of identity theft. In parallel, the company has implemented additional security measures and is working with external IT security experts. Law enforcement and supervisory authorities have been notified.
ShinyHunters is among the most active actors in the field of digital extortion and is known for a series of major data thefts from international companies. The incident underscores the risk for healthcare organizations whose systems host both financial and sensitive health data.
Source: www.it-daily.net · Published 6 July 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 of the EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.