Hackers have penetrated the computer networks of a top US medical device makers.
The attacks struck manufacturer, Medtronic, the world’s largest medical device maker, Boston Scientific and St. Jude Medical sometime during the first half of 2013 and it is thought that the hack might have lasted as long as several months.
It’s not clear what exactly the hackers were looking for, but federal laws meant to safeguard medical information require the companies to disclose any breach involving patient information. However, at present the companies have made no such disclosures.
All three companies have extensive operations in the Bay Area. Santa Rosa is home to Medtronic’s endovascular therapies and coronary businesses. St. Jude Medical operates manufacturing plants in Sunnyvale. Boston Scientific has offices in San Jose, Santa Clara and Fremont.
The attacks are described as “very thorough” and showed signs they might have been committed by hackers in China, according to a source close to the company.
The medical device makers were not aware of the intrusions until federal authorities contacted them, and they have formed task forces to investigate the breach.
“Like many companies, Boston Scientific experiences attempts to penetrate our networks and systems and we take such attempts seriously,”Denise Kaigler, senior vice president of corporate affairs and communications, said in an e-mail. She continued, “We have a dedicated team to detect and mitigate attacks when they occur as well as to implement solutions to prevent future attacks.”
Kaigler would not comment on the specifics of any attack for security reasons, but described the media’s information as “inaccurate.” She declined to provide any further detail.
A spokeswoman for Medtronic said the company would also not comment on any specific attack, and St. Jude Medical did not respond to a request for comment. The FBI have also failed to provide a comment.
High-tech companies like medical device makers sit on billions of dollars of intellectual property, making them an attractive target for corporate spies looking for an edge in developing the next blockbuster product.
It is thought that Cybercrime costs the United States economy about $100 billion each year.