Medical device company Artivion disclosed on December 9, 2024, that a ransomware attack disrupted its systems, affecting order and shipping processes. The incident, identified on November 21, forced the company to take systems offline while it worked to contain the attack and restore operations.
What happened
Artivion, a Georgia-based medical device company specializing in aortic repair solutions, discovered a data breach on November 21, 2024. The breach involved the acquisition and encryption of files within its systems, disrupting operations. The company initiated an investigation immediately after identifying the incident, but the restoration timeline for its impacted systems remains uncertain.
On December 9, 2024, Artivion disclosed the breach in a Form 8-K filing with the U.S. Securities and Exchange Commission. As of December 10, 2024, Artivion has not released additional details, and its investigation is ongoing.
What was said
Artivion stated in its Form 8-K filing that it is "working diligently to assess the full scope of the incident and restore normal operations."
The company also emphasized its commitment to cybersecurity and assured stakeholders that it would provide updates as the investigation progresses.
Why it matters
The Artivion ransomware attack shows that healthcare-adjacent industries are also vulnerable to cyberattacks that disrupt critical operations and supply chains. For a company like Artivion, delays in shipping and orders could have downstream effects, potentially impacting surgeries and patient care.
The bottom line
Artivion's ransomware attack reflects a larger trend of cyberattacks targeting critical healthcare infrastructure. While the company mitigated many disruptions, the attack shows the ongoing risks in a sector where delays can have severe consequences.
Related: Healthcare data breaches: Insights and implications
FAQs
What is a data breach?
A breach occurs when an unauthorized party gains access, uses or discloses protected health information (PHI) without permission. Breaches include hacking, losing a device containing PHI, or sharing information with unauthorized individuals.
See also: How to respond to a data breach
What should individuals do if their data has been compromised?
If individuals suspect their data has been compromised, they must monitor their accounts for suspicious activity and report any unauthorized transactions immediately.
Are there any costs associated with placing a fraud alert or credit freeze?
No, under US law, consumers are entitled to a free credit report annually from each of the three major credit reporting bureaus, Equifax, Experian, and TransUnion. So, placing a fraud alert or credit freeze does not incur any costs.
