Cyber attack forces medical devices maker Artivion to take systems offline

U.S.-based medical devices manufacturer Artivion said it experienced a data security incident that forced it to take several systems offline and launch a forensic investigation.

 

Headquartered in Atlanta, Georgia, Artivion specialises in manufacturing, processing, and distributing medical devices and implantable tissues used in cardiac and vascular surgical procedures focused on aortic repair.

 

In a filing with the Securities and Exchange Commission, Artivion said that on November 21, it identified a cyber security incident affecting its systems and immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“Artivion’s response measures included taking certain systems offline, initiating an investigation, and engaging external advisors, including legal, cybersecurity, and forensics professionals to assess, contain, and remediate the incident,” reads the filing.

 

The investigation revealed that certain threat actors infiltrated its internal network and acquired and encrypted certain files hosted on the network. “The Company is working to securely restore its systems as quickly as possible and to evaluate any notification obligations,” Artivion said.

 

The company is yet to evaluate whether the incident will have a material impact on its overall financial health or “results of operations or whether the incident is not reasonably likely to have a material impact on its financial conditions or results of operations.”

 

“The Company continues to provide its products and services to customers, but the incident has caused disruptions to some order and shipping processes, as well as to certain corporate operations, which have largely been mitigated.

 

“The Company has and will continue to incur expenses related to its response to this incident, and the Company believes it has adequate insurance coverage. However, the Company believes that it will incur additional costs that will not be covered by insurance.

 

“The Company remains subject to various risks due to the incident, including the impact of delays in restoration, and, as a result, cannot provide assurances that the incident will not be determined to have a material impact in the future,” Artivion added.

 

At the time of publishing, no known hacker group has claimed responsibility for the ransomware attack on Artivion and the company also did not share details on who is behind the incident or if it has received a ransom demand.