Medical technology company Masimo Corporation disclosed that it experienced unauthorized activity on its on-premise network, affecting manufacturing operations. The cyber breach, identified on April 27, prompted the company to activate its incident response protocols, including isolating affected systems and initiating an investigation with third-party cybersecurity experts.
As a result of the incident, some of Masimo’s manufacturing facilities have been operating below normal capacity, temporarily affecting the company’s ability to process, fulfill, and ship customer orders. The company is working diligently to restore normal operations and mitigate the impact of the breach.
“We promptly commenced an investigation and are actively working to assess, mitigate, and remediate the incident with the assistance of third-party cybersecurity professionals,” Masimo disclosed in a Form 8-K filing submitted to the U.S. Securities and Exchange Commission (SEC) on Tuesday. “The Company has also notified and is coordinating with law enforcement.”
The Irvine, California-based company believes that its cloud-based systems remain unaffected. The full scope and impact of the breach are still under investigation.
Masimo cautioned that the incident could lead to legal, reputational, and financial risks, including potential regulatory inquiries, enforcement actions, or litigation. The company emphasized that forward-looking statements are subject to risks and uncertainties, and actual results may differ materially.
Masimo offers advanced monitoring technologies, sensors, and patient monitors that has grown into a publicly traded company with over 7,000 employees worldwide. Masimo’s platforms, such as Hospital Automation and SafetyNet, enable connectivity, automation, and telehealth solutions that enhance patient care in hospitals and beyond. Its technologies are integrated into devices from other manufacturers like Philips, GE Healthcare, and Zoll.
Investors and stakeholders are advised to monitor Masimo’s official communications for updates on the situation.
Masimo clarified that the investigation into the exact nature, scope, and actual impact of the incident is still underway, so it’s unclear if it has affected customer data and whether it will have any impact on the company’s financial figures for the current quarter. So far, no ransomware groups have assumed responsibility for the attack at Masimo.
Last October, Forescout Technologies released research that highlighted the most vulnerable connected medical devices, uncovering 162 security vulnerabilities that could potentially expose patient data, disrupt healthcare operations, and threaten patient safety. The findings reveal a growing risk from connected medical devices, with the most vulnerable listed as DICOM (Digital Imaging and Communications in Medicine) workstations, PACS (Picture Archiving and Communication Systems), pump controllers, and medical information systems.
In 2023, hacking was the leading cause of data breaches, with 595 incidents reported to the U.S. Department of Health and Human Services, averaging 1.6 breaches per day affecting healthcare institutions.
