Artivion, a leading manufacturer of heart surgery medical devices, has disclosed a November 21 ransomware attack that disrupted its operations and forced it to take some systems offline.
The Atlanta-based company employs over 1,250 people worldwide and has sales representatives in more than 100 countries. It also operates manufacturing facilities in Atlanta, Georgia; Austin, Texas; and Hechingen, Germany.
“Artivion’s response measures included taking certain systems offline, initiating an investigation, and engaging external advisors, including legal, cybersecurity, and forensics professionals to assess, contain, and remediate the incident,” the company revealed in a Monday 8-K filing with the U.S. Securities and Exchange Commission (SEC).
While Artivion hasn’t directly mentioned ransomware in its SEC filing, it disclosed that the attackers encrypted some of its systems and stole data from compromised systems.
“The incident involved the acquisition and encryption of files. The Company is working to securely restore its systems as quickly as possible and to evaluate any notification obligations,” it stated.
The company added that disruptions to its corporate operations, order processing, and shipping have mostly been addressed and that insurance coverage will cover the expenses related to incident response. However, Artivion believes it will incur additional costs not covered by insurance.
Even though no ransomware operation has claimed responsibility for the attack, this will likely happen if the threat actors’ ransom demands aren’t met in the coming days or weeks.
In recent weeks, other organizations in the U.S. healthcare sector have been hit by ransomware, with the BianLian cybercrime gang claiming a cyberattack on Boston Children’s Health Physicians (BCHP) and threatening to leak stolen files unless a ransom is paid. A ransomware attack also forced UMC Health System to divert some patients in September.
Earlier this month, Anna Jaques Hospital confirmed that a ransomware attack it suffered last Christmas had exposed the sensitive health data of over 310,000 patients.
Source: www.bleepingcomputer.com