Top US heart surgery device maker hit by ransomware attack

Image credit: Pixabay (Image credit: Future)

Artivion submitted a new filing with the SEC, confirming a ransomware attack
It was forced to take some systems offline, but says operations are unaffected
No threat actors claimed responsibility just yet

Artivion, a major American company building heart surgery devices, has confirmed suffering a ransomware attack.

In a new 8-K filing submitted with the US Securities and Exchange Commission (SEC), the company said it identified, and tackled, a “cybersecurity incident” in late November 2024.

“Artivion’s response measures included taking certain systems offline, initiating an investigation, and engaging external advisors, including legal, cybersecurity, and forensics professionals to assess, contain, and remediate the incident,” the company said in the filing. “The incident involved the acquisition and encryption of files.”

Orders and shipping disrupted

Artivion said it was working on restoring its systems “as quickly as possible” and that it was currently evaluating whether or not its clients, customers, or employees, would need to be notified of the attack.

It also added that at the date of the filing, it did not see the attack having a material impact on its overall financial condition or results of operations, further stressing that such a scenario is unlikely.

The ransomware attack wasn’t completely benign, though: “The incident has caused disruptions to some order and shipping processes, as well as to certain corporate operations, which have largely been mitigated,” Artivion stressed. “The Company has and will continue to incur expenses related to its response to this incident, and the Company believes it has adequate insurance coverage.”

While insurance will cover parts of the expenses, it will not cover all. There are still risks such as further delays in restoration, meaning that the bottom line is yet to be determined.

Artivion did not say who the attackers were, what their demands were, or if they stole any sensitive information. Given the sensitivity of the information it handles, it’s safe to assume the crooks did ask for money, under the threat of releasing the files to the public. However, those threats are usually done by posting the name, and a sample, on a data leak site which, at press time, did not yet happen. That could also suggest that a ransom payment is currently being negotiated.

Ransomware attack on Blue Yonder hits Starbucks, grocery stores across the world
Here's a list of the best antivirus
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.