Medical device manufacturer Medtronic has confirmed that an unauthorised party accessed data within its corporate IT systems, triggering incident response protocols and an ongoing investigation into the scope of the breach.

Medtronic disclosed the incident on 24 April 2026 via a statement on its website and a Form 8-K filing with the US Securities and Exchange Commission. The company said it had immediately moved to contain the incident and engaged external cybersecurity experts.

Medtronic is one of the world's largest medical device companies. Its product portfolio includes cardiac pacemakers, defibrillators, insulin pumps and surgical robotics systems used in hospitals across Australia and globally.

In its public statement, the company said: "We have not identified any impact to our products, patient safety, connections to our customers, our manufacturing and distribution operations, our financial reporting systems or our ability to meet patient needs."

Medtronic said its corporate IT networks are physically and logically separate from those supporting its products, manufacturing and distribution operations. It also confirmed that hospital customer networks are independently secured and managed by customers' IT teams.

The company said it was working to identify any personal information that may have been accessed and would notify affected individuals and provide support services as required.

"Protecting patients and the trust placed in Medtronic is our highest priority. The privacy and security of all data with which we are entrusted is a vital part of that," the company said in its statement.

Medtronic said it does not currently expect a material impact on its business or financial results.

The disclosure follows claims made in mid-April by cybercrime group ShinyHunters, which alleged on a dark web forum that it had accessed data on Medtronic's servers and threatened to publish the data if a ransom was not paid by 21 April 2026. ShinyHunters claimed to have exfiltrated more than nine million records containing personal information. Medtronic has not verified those figures. Reports of the claim circulated among cybersecurity researchers before Medtronic's official statement.

The breach is the latest in a pattern of ransomware and data extortion attacks targeting healthcare organisations worldwide. The ShinyHunters group has previously been linked to breaches affecting Ticketmaster, Santander Bank and other large enterprises.