Report: Boston Scientific, Medtronic and St. Jude's networks hacked last year

In 2011, Boston Scientific ($BSX) was listed among 759 other organizations as a victim of attacks by China-based hackers. The report made the cyber cold war public knowledge but companies are still struggling to protect themselves, with the San Francisco Chronicle now reporting Boston Scientific and fellow medtech giants Medtronic ($MDT) and St. Jude Medical ($STJ) have been hacked.

The article--which is based on information from an anonymous source--claims hackers attacked the companies during the first half of 2013 and may have continued to do so for several months. Federal authorities reportedly informed the companies of the attacks, prompting each firm to investigate the breaches. It is unclear what information the hackers were after, but it appears no patient data was stolen. None of the manufacturers has made the disclosures required by law in the event of breaches involving patient data.

Details of what--if anything--was stolen are scarce. None of the companies was willing to discuss the attacks with the Chronicle, although Boston Scientific did tell the newspaper its information was "inaccurate." Such secrecy is common in the wake of attacks. Google ($GOOG) stands out as a rare example of a company that voluntarily went public with details of an attack. In 2010, the search titan revealed China-based hackers had tried to access the Gmail accounts of human rights activists. Later third-party reports showed hackers also targeted one of Google's valuable assets--its source code.

There are suggestions the medtech hacks--which were described as "very thorough"--also originated in China. Whether hackers are after source code or pacemaker plans, the motives and processes are similar. "The economics of it are fairly simple: There is great reward and only slight risk for state actors, or hackers in other countries, to steal or attempt to steal as much intellectual property as it can from U.S. companies that are often decades ahead in technology and research," data privacy attorney Joshua Carlson said.

- read the SF Chronicle report
- look back on the 2011 article

Suggested Articles

There's no evidence personal patient information leaked during the 11-week breach, but the same can't be said about Sangamo's own secrets.

Through a new online tracker, AllTrials names sponsors who fail to report clinical trial results on time per the FDAAA Final Rule.

The new solution aims to streamline the incorporation of human genomic data into clinical trial designs.