Jun 29, 2026

Medtronic statement on unauthorized system access

Updated June 29, 2026
 
As reported earlier this year, Medtronic was the victim of a cybersecurity incident that impacted some of our corporate IT systems in April 2026. You can read our initial disclosure of the incident below. 
 
In recent weeks, we have been investigating this cyber incident and are beginning to communicate with individuals whose information we believe may have been impacted. At this time, we have no evidence that impacted information has been publicly posted or exposed on the Internet. We have not identified any impact to product security or patient safety, including the ability of any Medtronic device to operate safely and deliver intended therapy. Additionally, we have not identified any impacts to our manufacturing and distribution operations or our ability to meet patient and customer needs. 
 
We are disclosing the issue to impacted individuals, providing them with follow-up resources such as 24 months of complimentary credit monitoring, dark web monitoring, and identity theft restoration services for any impacted individuals who want an added layer of security related to their personal information. We are also providing a dedicated call center to address questions for those impacted: (888) 289-6806, M-F, 9 a.m.-9 p.m. ET.
 
If you are a physician and have any questions, please reach out to your local Medtronic representative.
 
Keeping Data Safe
 
Data privacy and security is a top priority for Medtronic, and as part of our ongoing commitment to the security of personal information in our care, we have implemented additional safeguards and continue to work with third-party cybersecurity experts to identify opportunities to further strengthen the security of our systems.
 
We regret any concern this issue may cause impacted individuals and want to reiterate that this incident did not impact the ability of any Medtronic device to operate safely and deliver intended therapy.
 
 

 

April 24, 2026

 
Medtronic has determined that an unauthorized party accessed data in certain Medtronic corporate IT systems.
 
We have not identified any impact to our products, patient safety, connections to our customers, our manufacturing and distribution operations, our financial reporting systems or our ability to meet patient needs.
 
The networks that support our corporate IT systems, our products and our manufacturing and distribution operations are separate. Hospital customer networks remain separate from Medtronic IT networks and are secured and managed by customers’ IT teams.
 
What We’re Doing
 
Upon identifying this unauthorized access, we immediately took steps to contain the incident, activated our incident response protocols and engaged leading cybersecurity experts to support our investigation and remediation actions.
 
We are working to identify any personal information that may have been accessed and will provide notifications and support services as needed.  We will continue to provide updates to any impacted individuals as we learn more.
 
Our Commitment to our Patients, Customers and Employees
 
Protecting patients and the trust placed in Medtronic is our highest priority. The privacy and security of all data with which we are entrusted is a vital part of that. As we resolve any impact of this unauthorized access to data in our systems, we are simultaneously identifying additional ways to further optimize our system security. We currently do not expect a material impact on our business or financial results.