On June 5, Surmodics, a Minnesota-based medical device manufacturer, experienced a cyberattack that forced the company to shut down parts of its IT system. The attack disrupted their operations, prompting them to use alternative methods to accept customer orders and ship products. Although critical IT systems have been restored, the full scope and details of the stolen data are still under analysis. The company faces risks such as potential litigation, regulatory scrutiny, and changes in customer behavior. Surmodics has cyber insurance to cover most of the costs.
Source: https://therecord.media/surmodics-medical-device-company-reports-cybersecurity-incident
TPRM report: https://scoringcyber.rankiteo.com/company/surmodics
"id": "sur413070325",
"linkid": "surmodics",
"type": "Cyber Attack",
"date": "7/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Minnesota',
'name': 'Surmodics',
'type': 'Medical Device Manufacturer'}],
'data_breach': {'data_exfiltration': 'Data stolen, scope and details being '
'analyzed'},
'date_detected': '2023-06-05',
'description': 'Minnesota-based company Surmodics experienced a cyberattack '
'on June 5, forcing the medical device manufacturer to shut '
'down parts of its IT system.',
'impact': {'downtime': 'Some systems still being worked on',
'legal_liabilities': 'Potential litigation',
'systems_affected': 'Parts of IT system'},
'investigation_status': 'Ongoing',
'references': [{'source': 'SEC Filing'}],
'regulatory_compliance': {'regulatory_notifications': 'Notified SEC'},
'response': {'containment_measures': 'Systems taken offline',
'law_enforcement_notified': 'Yes',
'recovery_measures': 'Critical IT systems restored, partial '
'recovery',
'remediation_measures': 'Alternative methods to accept orders '
'and ship products',
'third_party_assistance': 'Cybersecurity experts'},
'title': 'Cyberattack on Surmodics',
'type': 'Cyberattack'}