Medical device manufacturer Masimo has warned customers about a cyberattack that has affected its operations and caused delays in customer orders. The incident affected its networks but only impacted on-premise systems, leaving the company’s cloud infrastructure unharmed.

Masimo disclosed the cyberattack in a K-8 filing submitted to the US Securities and Exchange Commission (SEC), claiming that the incident happened on April 27, 2025. The filing confirms the following about the company’s operational state:

As a result of the incident, certain of the Company’s manufacturing facilities have been operating at less than normal levels, and the Company’s ability to process, fulfill, and ship customer orders timely has been temporarily impacted. The Company has been working diligently to bring the affected portions of its network back online, restore normal business operations and mitigate the impact of the incident.

Illustration: Supimol Kumying | Shutterstock

No information about the nature of the attack or the attack vector was shared. The company has implemented containment measures and isolated affected systems, seemingly containing the attack. It’s also working with thrid-party cybersecurity professionals and has informed relevant law enforcement authorities.

The investigation into the incident is ongoing and Masimo claims that the full scope, nature, and impact of the incident remains unknown. At the time of writing, Candid.Technology hasn’t seen any major ransomware groups claiming responisbility for the attack.

Given recent ransomware attack patterns, we could be looking at a failed ransomware attack attempt. Healthcare companies and hospitals are lucrative targets for financially motivated ransomware groups due to their fast-paced work and the amount of sensitive perosnal information they hold which can be exploited for identity theft and financial frauds.