back to article Heart surgery device maker's security bypassed, data encrypted and stolen

A manufacturer of devices used in heart surgeries says it's dealing with "a cybersecurity incident" that bears all the hallmarks of a ransomware attack. Artivion, which is listed on the New York Stock Exchange, said the incident took place on November 21 and "involved the acquisition and encryption of files." In plain terms, …

  1. Anonymous Coward
    Anonymous Coward

    "Sounds like th-aorta get this sorted quickly"

    That was a good pun. I expect the comments section will respond with jibes about heartless criminals and other comments in the same vein...

    1. Korev Silver badge
      Coat

      Re: "Sounds like th-aorta get this sorted quickly"

      Bloody hell that was a good one!

    2. Korev Silver badge
      Coat

      Re: "Sounds like th-aorta get this sorted quickly"

      > I expect the comments section will respond with jibes about heartless criminals and other comments in the same vein...

      This pun was a work of artery

    3. ItWasn'tMe

      Re: "Sounds like th-aorta get this sorted quickly"

      I suspect it may bypass many.

    4. This post has been deleted by its author

    5. Blazde Silver badge

      Re: "Sounds like th-aorta get this sorted quickly"

      A truly veinous crime. Low-lifes like this really make my blood boil.

      1. Wally Dug

        Re: "Sounds like th-aorta get this sorted quickly"

        Is this story:

        A Negative

        B Positive

        O For Goodness' Sakes

        or

        AB Undecided

    6. Anonymous Coward Silver badge
      Boffin

      Re: "Sounds like th-aorta get this sorted quickly"

      Hopefully it will end with some arrests of the non-cardiac variety

      1. Stanley Toolset

        Re: "Sounds like th-aorta get this sorted quickly"

        Let's hope they rhesuscitate this story if there are future developments.

        1. The Oncoming Scorn Silver badge
          Coat

          Re: "Sounds like th-aorta get this sorted quickly"

          I imagine there will be discussion in chambers, val-ve wait for cops to make arrests.

    7. Anonymous Coward
      Anonymous Coward

      Re: "Sounds like th-aorta get this sorted quickly"

      I hope they'd kept on top of their Auricle patching.

    8. Sam not the Viking Silver badge
      Pint

      Re: "Sounds like th-aorta get this sorted quickly"

      This isn't something to jugular about.

      Thicker than water ----->

    9. Fruit and Nutcase Silver badge

      Re: "Sounds like th-aorta get this sorted quickly"

      Dicky Ticker[Security]

  2. Jim Willsher

    As the proud owner/recipient of a new aortic valve last year, I can vouch for how good they are, and to hear about a company that's providing healthcare getting attacked makes my blood boil, it's totally heartless.

    1. Anonymous Coward
      Anonymous Coward

      How was it delivered? In an Aorticulated truck?

  3. A random security guy

    $90m+/quarter revenue is ripe for ransomware

    It is sheer negligence to not have a DRP. Maybe they had one but never tested it? Maybe it was just a show DRP?

  4. Ken Shabby Bronze badge
    Angel

    You lot just don’t miss a beat.

  5. Anonymous Coward
    Anonymous Coward

    phew

    At least it wasn't the bluetooth implanted defib maker, I have in my chest.

    that was close! I can unwrap the foil.

  6. Bebu sa Ware
    Coat

    The subed an Igor(ina)?

    "Th[a]orta get thith thorted quickly."

    The companies side hustle: "Offers a wide range of cryogenically preserved cardiac and vascular allografts – donor tissues that are preserved and later thawed for use in surgeries" sounds like Igors 'R' Us, Überwald.

  7. Sherrie Ludwig
    Black Helicopters

    I don't know if this would be feasible

    Can some person familiar with databases figure out a way to "salt" the data with a computer version of a land mine? A record looking like any other innocuous entry that could be activated either by reading without some special code or routine buried in the legitimate data user's programs to deactivate it, or is time-set to "detonate" without receiving regular "not yet" signals from that legitimate data user? The result to be either the deletion or scrambling of all the records to render them useless, or for maximum effect, wiping any programs that tried to access the data?

    I am thinking of the dye packs that sometimes foil bank robbers, which could be set to deliver nastier things than pink dye if one really wanted to discourage crime...

    1. Anonymous Coward
      Anonymous Coward

      Re: I don't know if this would be feasible

      Not feasible for various reasons, including:

      - Kill switches may be illegal in in some jurisdictions

      - The "wiping any programs" part puts you into malware territory

      - Risk of being accidently (or deliberately) triggered and having to explain yourself to your customer after wiping their production system

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like