Three US medical device makers breached?

The computer networks of three big medical device makers have been breached by still unknown attackers that were likely after the companies’ intellectual property, the San Francisco Chronicle reports. The companies in question are Medtronic, Boston Scientific and St. Jude Medical.

Last June, the US Food and Drugs Administration (FDA) has issued a set of cyber security recommendations for (among others) medical device manufacturers, urging them to secure their offerings against malware, improve the patching of the devices’ firmware, and so on. The plea has been backed by hospitals, which fear for their own networks’ security and that of their patients.

But this is another type of risk that these companies have to take into consideration.

According to the report, which Boston Scientific senior vice president of corporate affairs and communications Denise Kaigler called “inaccurate”, the attacks happened in the first half of 2013 and might have lasted for months.

The companies have not confirmed this or any other attack, but a source close to the companies stated that the attacks were thorough, and there are signs pointing to Chinese hackers as the perpetrators.

It is mainly this that gives rise to the speculations that the attackers were after intellectual property.

Also, the companies haven’t formally disclosed the breach, which means that patient information was probably not compromised.