livanova ransomware

Medical device manufacturer LivaNova over the weekend confirmed it notified 129,219 people about an October 2023 data breach that exposed names, Social Security numbers, medical information, dates of birth, phone numbers, email addresses, and postal addresses.

Ransomware group LockBit claimed responsibility for the attack, saying it stole 2.2 TB of data.

LivaNova first announced the October 26, 2023 attack in a November SEC filing, but the investigation into the incident wasn’t completed until April 10, 2024, and victims weren’t notified until May 31, more than half a year after the breach occurred. In its most recent 10-Q filing, the company says it incurred $5.4 million in costs connected to the cyber attack.

The compromised medical data included patients’ treatments, conditions, diagnoses, prescriptions, physicians, medical record numbers, and device serial numbers.

We don’t yet know whether LivaNova paid a ransom or how attackers breached its systems. Comparitech contacted LivaNova for comment and will update this article if it responds.

We recommend victims in the US take advantage of the free identity theft protection and credit monitoring services offered by LivaNova via Experian. Unfortunately, the same services are not being offered to patients in the rest of the world.

Who is LockBit?

LockBit is one of the most prolific ransomware gangs, first appearing in 2019. The group is most likely based in Russia.

LockBit often extorts victims twice: once for a decryption key to restore systems that its malware has encrypted, and again in exchange for not selling or publicly releasing stolen data.

Comparitech has logged 45 confirmed attacks claimed by LockBit so far in 2024, along with another 360 unconfirmed attacks. LockBit’s average ransom demand is about $4 million.

In 2023, we logged 209 confirmed attacks claimed by LockBit, 29 of which were against healthcare-related entities. Its biggest attack in the healthcare sector was against Managed Care of North America Dental, which compromised 8.9 million people’s records. MCNA Dental refused to pay the $10 million ransom.

According to today’s notification, LivaNova is LockBit’s fourth-biggest target in healthcare by number of records affected. That figure only accounts for US residents, so the total number is likely much higher. Besides MCNA Dental, the other two larger attacks were against Panorama Eyecare (377,911 records) and Deer Oaks Behavioral Health (171,871 records).

Ransomware attacks on healthcare

Hospitals, clinics, and other healthcare-related organizations are frequent targets for ransomware attacks. Ransomware can disrupt key systems used for payment, making appointments, storing patient information, and more. Hospitals and clinics might be forced to cancel appointments and divert patients elsewhere, or resort to pen and paper until systems are restored.

Last year, we logged 220 ransomware attacks on businesses operating within the global healthcare sector (this includes device manufacturers like LivaNova). These attacks affected 47,335,455 records.

So far this year we’ve logged 77 such attacks worldwide, affecting 4,980,060 records. The average ransom across these attacks was just over $6.3 million.

We further tracked 156 unconfirmed attacks on healthcare so far this year.

About LivaNova

Formed from a merger in 2015, LivaNova is an Italian-American medical device manufacturer based in the UK. It makes devices for cardiac surgery and neuromodulation, such as pacemakers. It has about 2,900 employees, according to external sources.