Heart surgery device maker’s security bypassed, data encrypted and stolen

December 10, 2024 at 07:38AM

Artivion reported a cybersecurity incident resembling a ransomware attack on November 21, 2024, resulting in data theft and file encryption. The company is investigating, has engaged external advisors, and is working to restore systems. The incident has disrupted operations, but the company does not expect a significant financial impact, in part because of its cyber insurance.

### Meeting Notes Takeaways

1. **Incident Overview**:
– Artivion, a cardiac device manufacturer, reported a cybersecurity incident resembling a ransomware attack on November 21, 2024.
– The incident involved data acquisition and encryption, indicating that files were both stolen and locked.

2. **Response Actions**:
– The company has implemented a response strategy that includes:
  – Taking systems offline.
  – Initiating a thorough investigation.
  – Engaging external professionals (legal, cybersecurity, and forensics) to support containment and remediation efforts.
– Efforts are ongoing to restore systems securely and evaluate notification obligations.

3. **Current Status**:
– No ransomware group has claimed responsibility for the attack as of the latest information.
– Order and shipping disruptions are present but are reportedly under control.

4. **Financial Considerations**:
– Artivion expects that its cyber insurance will cover most expenses related to the incident, although additional costs may arise.
– The company currently does not foresee a material impact on finances, but it remains cautious, acknowledging potential future risks related to restoration delays.
– The company’s third-quarter revenue increased to $95.8 million, up from $87.9 million in 2023.

5. **Operational Impact**:
– The incident affects order and shipping processes, as well as certain corporate operations, but disruptions are said to be largely managed.

6. **Regulatory Advisory**:
– The US Cybersecurity and Infrastructure Security Agency (CISA) advises against paying ransoms, highlighting risks associated with funding criminal activities and the lack of guarantees regarding data deletion by criminals.

7. **Company Products**:
– Artivion provides devices essential for heart and vascular surgeries, including heart valves, aortic arches, stent grafts, and cryogenically preserved donor tissues for surgical use.

### Next Steps:
– Monitor ongoing incident developments and restoration efforts.
– Stay updated on insurance coverage and any potential financial impacts stemming from the incident.
– Prepare for potential regulatory notifications as assessments continue.
