Surmodics & Kentfield Hospital Fall Victim to Cyberattacks
Data breaches have been disclosed by a Minnesota medical device manufacturer and the threat actor behind an apparent attack on a California hospital.
Surmodics, Minnesota
Surmodics, an Eden Prairie, MN-based provider of catheters, medical device coatings, and chemical components for in vitro diagnostic tests and microarrays, has disclosed a security incident to the United States Securities and Exchange Commission (SEC). According to the filing, a breach of its IT systems was detected on June 5, 2025, which rendered certain IT systems and data unavailable. While not explicitly stated, the language used to describe the incident suggests this was a ransomware attack.
Third-party cybersecurity experts have been engaged to help contain, investigate, and remediate the incident. Critical IT systems have been restored and IT data is being validated. The remaining systems and data are in the process of being restored and validated. While the cyberattack has taken systems offline, Surmodics said it has continued to take and ship customer orders using alternative systems.
Surmotics holds a cyber insurance policy and anticipates that the policy will cover a significant percentage of any expenditures, not including the deductible and certain exclusions. The company faces other risks due to the attack, including potential litigation, regulatory activity, and loss of customers, and it is currently unclear to what extent data has been stolen. The threat actor behind the attack has not released any of the impacted data so far and does not appear to have used the data for fraudulent purposes.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Kentfield Hospital, California
Kentfield Hospital, a critical access hospital in California, is an apparent victim of a cyberattack and extortion attempt by the World Leaks threat group. World Leaks is believed to either be a rebrand of the Hunters International ransomware group or at least includes some former Hunters International members. World Leaks engages in data theft and extortion and has been active since January 2025. World Leaks claims to have exfiltrated 146.4 GB of data from the attack on Kentfield Hospital across more than 140,000 files, with some of those files containing patients’ protected health information, including medical images. Neither Kentfield Hospital nor its operator, Vibra Healthcare, has confirmed a cyberattack or data breach so far.
