
Artivion ransomware attack: Patient data encrypted and at risk


Illustration: JMiks | Shutterstock

Artivion, a manufacturer of devices used in heart surgeries, has disclosed a cybersecurity incident that resembles a ransomware attack. The company reports that the incident occurred on November 21, and that hackers were able to break in, steal data, and lock the company out of its files.

The company didn’t specifically state the nature of the cyberattack, but in its filing with the Securities and Exchange Commission (SEC), it claimed that the “incident involved the acquisition and encryption of files.” Artivion’s immediate response to the incident included “taking certain systems offline, initiating an investigation, and engaging external advisors, including legal, cybersecurity, and forensics professionals, to assess, contain, and remediate the incident.”

At the time of writing, no ransomware or cybercrime gang has claimed responsibility for the attack, and Candid.Technology couldn’t find any Artivion-related data for sale on major cybercrime forums or ransomware group sites. The company also hasn’t disclosed the demand for a ransom. This situation generally occurs when the victim company negotiates with the attackers over ransom demands.

These attacks proceed in two phases. The first is when the ransomware or cybercrime group responsible for the attack claims responsibility and posts a small sample on a cybercrime forum or its dark web website to prove its claims. The next involves threatening the victim with releasing their data to the public unless a ransom is paid.

Artivion hasn’t disclosed much about the attack, but its filing with the SEC does state that the incident caused “disruptions to some order and shipping processes, as well as to certain corporate operations, which have largely been mitigated”. The manufacturer also stated that it’ll bear any additional costs related to the incident’s resolution and believes it has “adequate insurance coverage.”

However, these additional costs might be borne by the company itself as these likely won’t be covered by insurance. Additionally, the cyberattack has left it open to various risks, including the “impact of delays in restoration”; hence, it cannot provide any guarantees that the incident will not have a material impact in the future.

The filing suggests that the company is trying to escape what appears to be a sticky situation. While it hasn’t affected its finances yet, there’s not enough confidence in the situation for them to promise long-term security. Healthcare organisations are increasingly becoming popular targets for ransomware gangs due to their low tolerance for the outages such cyberattacks bring and the treasure trove of personal, sensitive data they house.


Yadullah Abidi


Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
