Livanova said Thursday that patient data was obtained during a cyberattack the company discovered in November.
CEO Vladimir Makatsaria said in a statement the company learned on April 10 that an unauthorized party obtained “identifiable personal information of U.S. patients.” Makatsaria, who took over as CEO on March 1, added that the data includes patients’ names, contact information, Social Security numbers, dates of birth and insurance information.
The unauthorized party also obtained health information during the incident, such as treatments, conditions, diagnoses, medical record numbers and device serial numbers. The company is still investigating the scope of the attack.
“We are alerting affected U.S. patients about this issue so they can take steps to help protect their information,” the CEO said in the cybersecurity notice to U.S. patients posted on the company’s website.
Patients in the U.S. affected by the attack can register with the company for identity protection and credit monitoring services at no cost. Livanova said patients who had their information exposed should monitor their credit reports and accounts to look for potential fraud and identity theft.
In November, Livanova disclosed that it identified a cybersecurity incident that disrupted its IT systems and forced the company to take some systems offline. The company said Thursday the attack took place around Oct. 26.
After the attack was detected, Livanova launched an investigation with assistance from cybersecurity experts and coordination with law enforcement.
CFO Alex Shvartsburg said on a February earnings call that the company incurred costs of about $2.6 million in the fourth quarter related to the cybersecurity event.
“These costs primarily included external cybersecurity experts, legal counsel and system restoration costs,” Shvartsburg said. “We continue to monitor developments of the ongoing investigation and may incur additional costs related to this incident.”
Shvartsburg said the attack negatively impacted Livanova’s adjusted operating income margin by about 100 basis points because of disruption to cardiopulmonary manufacturing sites.
William Kozy, who served as interim CEO for nearly 11 months before Makatsaria was hired, told investors on the call that the incident encouraged the company to look at its systems more broadly.
“You will see an uptick in our IT investment,” Kozy said. He added that Livanova plans to strengthen its security position and “modernize a number of targeted systems which were natural entry points for other threat actors.”