Medical device manufacturer Artivion, who specializes in making products used by cardiac and vascular surgeons to treat patients, has been hit with a ransomware attack. It was severe enough attack that it has disrupted the company’s operations to the point it needed to disable some of its systems. The company disclosed this attack to the Security and Exchange Commission (SEC) with an 8-K filing.
The company told the government agency that it is “taking certain systems offline, initiating an investigation, and engaging external advisors, including legal, cybersecurity, and forensics professionals to assess, contain, and remediate the incident.” It’s taking these actions after “the incident involved the acquisition and encryption of files.” Although data was stolen, it doesn’t appear it will meaningfully harm Artivion’s business, as the company had insurance to deal with this type of scenario.
Thankfully, the attack doesn’t appear to have had an effect on any patients who are currently using any of the company’s products. Artivion will be able to continue “to provide its products and services to customers.” However, patients who are in need of such devices could potentially see delays in treatment as the “incident has caused disruptions to some order and shipping processes.”
In the past, criminal groups were reticent to conduct these kinds of attacks on organizations that provide healthcare or healthcare related services and products. However, it seems as if it’s now open season as attackers are looking for more victims to squeeze. Hopefully governments are taking note of these kinds of incidents and can work with healthcare focused organizations so that they can protect themselves from these kinds of attacks, as the last thing patients need is to have to worry about this kind of nonsense.