Medical Equipment
Breach intelligence, attack campaigns, and threat reports targeting the Medical Equipment sector.
Medical Equipment Threat Reports
Critical Vulnerabilities in Apollo Pharmacy's Blood Glucose Monitoring System APG-01 BT
In June 2026, vulnerabilities were identified in the Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT, specifically affecting version 0x0110_v1.1.0. These vulnerabilities, CVE-2026-50034 and CVE-2026-52866, allow attackers within Bluetooth Low Energy (BLE) range to intercept sensitive health data and disrupt device connectivity. The first vulnerability enables unauthorized access to glucose measurement values, while the second allows an attacker to monopolize the device's BLE connection, preventing legitimate use. These issues highlight the critical need for robust security measures in medical devices, especially those utilizing wireless communication protocols. As healthcare increasingly relies on connected devices, ensuring the confidentiality and availability of patient data is paramount to maintaining trust and compliance with regulatory standards.
6 days ago
iRhythm Data Breach 2026: A Wake-Up Call for Healthcare Cybersecurity
In June 2026, iRhythm Holdings, a digital healthcare company specializing in cardiac monitoring, experienced a significant data breach. On June 8, unauthorized activity was detected in third-party-hosted business applications, leading to the exfiltration of sensitive information, including proprietary data and patient protected health information (PHI). The attackers, employing social engineering tactics, contacted iRhythm on June 9, demanding a ransom to prevent public disclosure of the stolen data. The company promptly activated its cybersecurity response plan, engaged external experts, and confirmed the breach's materiality due to the volume of affected data. Importantly, iRhythm reported no impact on its products, clinical or medical device systems, patient safety, manufacturing and distribution operations, or financial reporting systems. ([streetinsider.com](https://www.streetinsider.com/Reuters/iRhythm%2Bdiscloses%2Bcyber%2Bincident%2C%2Bsays%2Bno%2Bimpact%2Bon%2Bdevice%2Bsystems%2C%2Bpatient%2Bsafety/26648941.html?utm_source=openai)) This incident underscores the escalating threat landscape targeting healthcare organizations, particularly through social engineering and ransomware attacks. The breach highlights the critical need for robust cybersecurity measures, comprehensive employee training to recognize and prevent social engineering attempts, and stringent data protection protocols to safeguard sensitive patient information.
1 week ago
Novo Nordisk's 2026 Data Breach: A Wake-Up Call for Pharma Cybersecurity
In June 2026, Danish pharmaceutical company Novo Nordisk experienced a cybersecurity incident resulting in unauthorized access to certain internal IT systems. The breach led to the external copying of non-public data, including pseudonymized patient information from some clinical trials. This data encompassed patient IDs, trial participation details, sex, year of birth, biomarkers, health data, and lifestyle factors. Importantly, the data did not include direct identifiers such as patient names, mitigating the risk of immediate patient identification. The company promptly launched an investigation with external cybersecurity experts and notified relevant authorities. While certain internal systems were temporarily taken offline, Novo Nordisk confirmed that core business operations remained unaffected. This incident underscores the persistent threat of cyberattacks targeting sensitive health data within the pharmaceutical industry. Organizations handling such data must continually enhance their cybersecurity measures to protect against unauthorized access and data breaches. The event also highlights the importance of rapid response and transparent communication in maintaining trust and compliance in the face of security incidents.
1 week ago
Critical BLE Vulnerability Discovered in Fourth Frontier's Frontier X2 Devices
In May 2026, a critical vulnerability (CVE-2026-5768) was identified in Fourth Frontier's Frontier X2 wearable device and its associated mobile applications. This flaw allows unauthenticated Bluetooth Low Energy (BLE) access, enabling attackers within proximity to manipulate device functions and inject fabricated health telemetry data. Affected versions include the Frontier X Android application prior to version 15.0.0, the iOS application before version 25.0.0, and all versions of the Frontier X2 device firmware. The vulnerability has been assigned a CVSS score of 8.8, indicating high severity. ([windowsforum.com](https://windowsforum.com/threads/cisa-warns-frontier-x2-ble-auth-flaw-can-spoof-ecg-and-health-readings.420539/?utm_source=openai)) The exploitation of this vulnerability could lead to unauthorized control over device functions, such as starting or stopping activities and triggering vibrations, potentially resulting in patient harm. Additionally, attackers can impersonate legitimate devices, injecting false health data like heart rate and breathing rate into the mobile application, compromising the integrity of health monitoring. ([windowsforum.com](https://windowsforum.com/threads/cisa-warns-frontier-x2-ble-auth-flaw-can-spoof-ecg-and-health-readings.420539/?utm_source=openai))
3 weeks ago
West Pharmaceutical Services Ransomware Attack Disrupts Global Operations
In May 2026, West Pharmaceutical Services, a leading manufacturer of pharmaceutical packaging and delivery systems, experienced a significant ransomware attack. Detected on May 4, the attack involved unauthorized data exfiltration and system encryption, leading the company to proactively shut down and isolate affected on-premise infrastructure globally. This containment measure temporarily disrupted business operations worldwide. The company engaged Palo Alto Networks' Unit 42 for incident response and notified law enforcement. As of May 11, core enterprise systems had been restored, and critical shipping, receiving, and manufacturing processes had restarted at some sites; however, a complete restoration timeline had not been finalized. The financial impact of the incident remains under assessment. This incident underscores the escalating threat of ransomware attacks targeting critical infrastructure sectors, including pharmaceutical manufacturing. Organizations in these sectors must prioritize robust cybersecurity measures, incident response planning, and employee training to mitigate the risk of such disruptive attacks.
1 month ago
Medtronic Confirms 2026 Data Breach by ShinyHunters
In April 2026, Medtronic, the world's largest medical device company, confirmed a data breach involving unauthorized access to certain corporate IT systems. The cybercriminal group ShinyHunters claimed responsibility, alleging the theft of over 9 million records containing personally identifiable information (PII) and terabytes of internal corporate data. Medtronic stated that the breach did not impact their products, patient safety, or business operations, emphasizing that the affected corporate IT systems are separate from those supporting their products and manufacturing operations. The company is conducting an ongoing investigation to determine the full scope of the incident and any potential exposure of personal data. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/medtronic-confirms-breach-after-hackers-claim-9-million-records-theft/?utm_source=openai)) This incident underscores the escalating threat posed by cyber extortion groups like ShinyHunters, who have been increasingly targeting large organizations across various sectors. The breach highlights the critical importance of robust cybersecurity measures and the need for organizations to remain vigilant against sophisticated cyber threats that can compromise sensitive data and disrupt operations.
1 month ago
AZ Monica Hospital Cyberattack: A Stark Reminder for Healthcare Security
In January 2026, AZ Monica Hospital in Antwerp, Belgium, experienced a significant cyberattack that disrupted its computer systems, leading to the cancellation of at least 70 surgeries and the transfer of seven critical patients to other facilities. The attack also affected patient registration processes and emergency services, compelling the hospital to advise patients to seek care elsewhere. This incident underscores the escalating threat of cyberattacks on healthcare institutions, highlighting the critical need for robust cybersecurity measures to protect patient safety and maintain operational continuity.
2 months ago
Stryker's 2026 Cyberattack: A Wake-Up Call for Healthcare Cybersecurity
In March 2026, Stryker, a leading U.S. medical technology company, experienced a significant cyberattack attributed to the Iranian-linked hacking group Handala. The attackers claimed to have wiped over 200,000 systems and extracted 50 terabytes of critical data, leading to widespread operational disruptions across Stryker's global network. The attack was reportedly in retaliation for U.S. military actions in Iran. ([techradar.com](https://www.techradar.com/pro/security/an-unprecedented-blow-us-medtech-giant-stryker-suffers-global-outage-after-apparent-iranian-cyberattack?utm_source=openai)) This incident underscores the escalating cyber threats targeting critical healthcare infrastructure, highlighting the need for robust cybersecurity measures to protect sensitive data and ensure operational continuity in the face of nation-state-sponsored cyberattacks.
3 months ago
Stryker's 2026 Cyberattack: A Wake-Up Call for Healthcare Cybersecurity
In March 2026, Stryker Corporation, a leading medical technology company, experienced a significant cyberattack attributed to the pro-Iranian hacktivist group Handala. The attackers claimed to have infiltrated Stryker's global network, exfiltrated 50 terabytes of sensitive data, and deployed wiper malware that erased data on over 200,000 systems, servers, and mobile devices. This attack led to widespread operational disruptions across Stryker's offices in 79 countries, severely impacting their ability to deliver medical products and services. ([investing.com](https://www.investing.com/news/stock-market-news/stryker-stock-falls-34-on-iranlinked-cyberattack-report-93CH-4554963?utm_source=openai)) This incident underscores the escalating threat posed by politically motivated cyberattacks targeting critical infrastructure sectors. Organizations in the healthcare and medical technology industries must enhance their cybersecurity measures to protect against such sophisticated and destructive attacks.
3 months ago
Stryker's 2026 Cyberattack: A Wake-Up Call for Healthcare Cybersecurity
In March 2026, Stryker Corporation, a leading U.S. medical technology company, experienced a significant cyberattack attributed to the pro-Palestinian hacktivist group Handala. The attackers reportedly utilized wiper malware to erase data from over 200,000 systems, including servers and mobile devices, leading to widespread operational disruptions across Stryker's global network. Employees in multiple countries, notably Ireland, were sent home as the company worked to contain the incident. Handala claimed the attack was retaliation for a missile strike that resulted in civilian casualties in Iran. This incident underscores the escalating trend of state-sponsored hacktivism targeting critical infrastructure and healthcare sectors. Organizations must enhance their cybersecurity measures to defend against sophisticated threats that aim not only to steal data but also to cause operational paralysis. The use of wiper malware highlights the need for robust data backup and recovery strategies to mitigate the impact of such destructive attacks.
3 months ago
UFP Technologies Cyberattack: A 2026 Data Theft Incident
In February 2026, UFP Technologies, a leading medical device manufacturer, detected unauthorized access to its IT systems. The breach, identified on February 14, led to the theft and potential destruction of company data, impacting critical functions such as billing and label creation for customer deliveries. Immediate containment measures were implemented, and external cybersecurity experts were engaged to investigate and remediate the incident. The company has since restored access to the affected information and believes the threat actor has been removed from its systems. This incident underscores the escalating cyber threats targeting the healthcare sector, emphasizing the need for robust cybersecurity measures. Organizations must remain vigilant against sophisticated attacks that can disrupt operations and compromise sensitive data, highlighting the importance of proactive defense strategies and incident response planning.
4 months ago
Remote Hacking of WHILL Wheelchairs: Unsecured Bluetooth Puts Patient Safety at Risk
In January 2026, cybersecurity researchers revealed significant security flaws in WHILL's electric wheelchairs, which allowed attackers within Bluetooth range to remotely pair with the device due to the absence of authentication controls. This flaw enabled malicious actors to take control of the wheelchair, manipulating its movement, speed settings, and configuration profiles without requiring any credentials or user interaction. CISA subsequently issued an advisory highlighting the risk, underscoring that such vulnerabilities could result in dangerous, unauthorized maneuvers or override critical safety restrictions, potentially jeopardizing user safety and privacy. This incident exemplifies the escalating risk represented by insecure IoT medical devices, especially those operating in public or semi-public settings. With threat actors increasingly targeting Bluetooth-enabled endpoints and the medical IoT landscape expanding rapidly, similar vulnerabilities are likely to be discovered in other transportation and assistive devices, putting regulatory and patient pressures on device manufacturers and healthcare providers.
5 months ago