Report: Boston Scientific, Medtronic and St. Jude's networks hacked last year

In 2011, Boston Scientific ($BSX) was listed among 759 other organizations as a victim of attacks by China-based hackers. The report made the cyber cold war public knowledge but companies are still struggling to protect themselves, with the San Francisco Chronicle now reporting Boston Scientific and fellow medtech giants Medtronic ($MDT) and St. Jude Medical ($STJ) have been hacked.

The article--which is based on information from an anonymous source--claims hackers attacked the companies during the first half of 2013 and may have continued to do so for several months. Federal authorities reportedly informed the companies of the attacks, prompting each firm to investigate the breaches. It is unclear what information the hackers were after, but it appears no patient data was stolen. None of the manufacturers has made the disclosures required by law in the event of breaches involving patient data.

Details of what--if anything--was stolen are scarce. None of the companies was willing to discuss the attacks with the Chronicle, although Boston Scientific did tell the newspaper its information was "inaccurate." Such secrecy is common in the wake of attacks. Google ($GOOG) stands out as a rare example of a company that voluntarily went public with details of an attack. In 2010, the search titan revealed China-based hackers had tried to access the Gmail accounts of human rights activists. Later third-party reports showed hackers also targeted one of Google's valuable assets--its source code.

There are suggestions the medtech hacks--which were described as "very thorough"--also originated in China. Whether hackers are after source code or pacemaker plans, the motives and processes are similar. "The economics of it are fairly simple: There is great reward and only slight risk for state actors, or hackers in other countries, to steal or attempt to steal as much intellectual property as it can from U.S. companies that are often decades ahead in technology and research," data privacy attorney Joshua Carlson said.

- read the SF Chronicle report
- look back on the 2011 article