Heads up: medical device maker Medtronic has told some customers they were caught up in a data breach after unauthorized access to corporate systems. The company says devices are still safe to use, but some personal information could have been seen by the intruders.

What happened

Medtronic detected odd activity in mid-April 2026 and launched an investigation with outside cybersecurity experts. The probe found an unauthorized actor had access to certain corporate IT systems from April 13 to April 19, 2026. The extortion group that claimed responsibility said they were in possession of 9 million records, though Medtronic says the stolen data was not published online and the attacker’s listing was later removed.

The types of information the company says may have been exposed include:

  • Full name
  • Contact details (phone, email, address)
  • Date of birth
  • Social Security number
  • Health-related details

Medtronic has stressed that its medical devices were not targeted and remain not affected by this incident.

What you should do

If you received a notification from Medtronic, they’re offering enrollment in 24 months of complimentary services — sign-up is recommended. The company specifically suggested taking advantage of credit monitoring and identity-theft protections to reduce the fallout risk.

  • Enroll in any offered identity protection and monitoring services.
  • Keep an eye out for suspicious emails, calls, or texts that try to use your personal info (phishing and social engineering is a very real thing).
  • Monitor bank and credit accounts closely and report unusual activity immediately.
  • Consider placing a credit freeze or fraud alert if you’re worried about misuse of your Social Security number.
  • Use unique passwords and enable multi-factor authentication everywhere possible.

Bottom line: breathe, be cautious, and take the free protections. Big companies get breached — annoying but true — and the best defense is a little vigilance and a dash of paranoia.