Masimo reports cyber incident affecting production sites

American health technology and consumer electronics company Masimo said it recently suffered a data security incident that disrupted operations at its manufacturing facilities, leaving them functioning below normal capacity.

 

Headquartered in Irvine, California, Masimo manufactures patient monitoring devices and technologies, including non-invasive patient monitoring products like pulse oximeters, brain function monitors, patient management systems, and remote patient monitoring platforms.

 

On May 6, in a filing with the U.S. Securities and Exchange Commission (SEC), Masimo said that on April 27, it identified unauthorised activity within its internal network. The medical device manufacturer immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“Upon detection, we activated our incident response protocols and implemented containment measures, including proactively isolating impacted systems. We promptly commenced an investigation and are actively working to assess, mitigate, and remediate the incident with the assistance of third-party cybersecurity professionals,” Masimo said in its 8-K filing.

 

The company also notified relevant law enforcement authorities and is working closely with them to resolve the incident at the earliest.

 

“As a result of the incident, certain of the Company’s manufacturing facilities have been operating at less than normal levels, and the Company’s ability to process, fulfil, and ship customer orders timely has been temporarily impacted.

 

“The Company has been working diligently to bring the affected portions of its network back online, restore normal business operations and mitigate the impact of the incident,” Masimo added.

 

While the investigation is still ongoing, Masimo believes that the incident did not affect its  cloud-based systems.

 

The company is yet to reveal who was behind the security incident, how the attackers gained access to its systems, or whether any customer data was compromised. It has, however, assured stakeholders that further details will be shared as they become available.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on Masimo. The medical device manufacturer also did not share whether it has received a ransom demand.