One of the largest US heart surgery device manufacturers has been hit by a ransomware attack
- Artivion has filed a new filing with the SEC, confirming a ransomware attack
- The company was forced to take some systems offline, but says business operations are not affected
- No threat actors have yet claimed responsibility
Artivion, a major US company that builds cardiac surgery devices, has confirmed it is suffering from a ransomware attack.
In a new one 8-K archiving filed with the U.S. Securities and Exchange Commission (SEC), the company said it identified and addressed a “cyber security incident” in late November 2024.
“Artivion’s response measures include taking certain systems offline, initiating an investigation and engaging external counsel, including legal, cybersecurity and forensic professionals to assess, contain and remediate the incident,” the company said in the submission. “The incident involved the acquisition and encryption of files.”
Orders and shipping disrupted
Artivion said it was working to restore its systems “as quickly as possible” and was currently evaluating whether or not its customers, clients or employees should be notified of the attack.
It also added that as of the filing date, it did not see that the attack would have a material impact on its overall financial condition or results of operations, further emphasizing that such a scenario is unlikely.
However, the ransomware attack was not entirely benign: “The incident has caused disruptions in some ordering and shipping processes, as well as in certain business activities, which have been largely limited,” Artivion points out. “The company has incurred and will continue to incur costs in connection with its response to this incident, and the company believes it has adequate insurance coverage.”
Although insurance covers some of the costs, it does not cover everything. There are still risks such as further delays in the restoration, meaning the final result is yet to be determined.
Artivion did not say who the attackers were, what their demands were or whether they had stolen sensitive information. Given the sensitivity of the information it handles, it is safe to assume that the crooks asked for money under the threat of releasing the files to the public. However, these threats are usually done by posting the name and an example on a data breach site, which had not yet happened at the time of writing. That could also indicate that a ransom payment is currently being negotiated.
