I recently reported that I had discovered that the primary website for Masimo Corporation (Nasdaq: MASI) – Masimo.com – was down…and down for a few days. This is very unusual for a public company and the message displayed on the inactive site sounded suspiciously untrue – saying the site was undergoing “maintenance.” Now we’ve learned from a filing with the Securities and Exchange Commission (SEC) that the company had suffered an intrusion and “unauthorized activity” on its systems.
See more on this cyber incident on Masimo.com
I should start by noting that the website appears to be fully restored at this point. It has been reorganized into three main sections: Professional Health (the company’s main business), Personal Health (its consumer health products now separate from Sound United), and Masimo Audio (the Sound United business, sans consumer health products).
The site appears responsive and fully operable.
‘Unauthorized Activity’
On April 27th, the company told the SEC it “…identified unauthorized activity on the Company’s on-premise network. Upon detection, we activated our incident response protocols and implemented containment measures, including proactively isolating impacted systems. We promptly commenced an investigation and are actively working to assess, mitigate, and remediate the incident with the assistance of third-party cybersecurity professionals. The Company has also notified and is coordinating with law enforcement.”
This was absolutely the outage I detected earlier this month and that, despite my best efforts, couldn’t get any kind of comment from the company or its representatives. Even in the filing with the SEC, it isn’t completely clear if this is an incident of hacking, cyber-crime, digital espionage, ransomware, or just malicious vandalism.
But the last line in the statement from the company above validates the statement from a commenter on my story who noted that the FBI had been called into Masimo’s Irvine, CA HQ.
Manufacturing and Order Processing Was Disrupted
What we do know is that the extent of the incident is great enough to disrupt the company’s manufacturing capabilities…a huge problem. Also, the hack disrupted its ability to process orders – at least as of last week.
Here is more of the filing to the SEC…
“As a result of the incident, certain of the Company’s manufacturing facilities have been operating at less than normal levels, and the Company’s ability to process, fulfill, and ship customer orders timely has been temporarily impacted. The Company has been working diligently to bring the affected portions of its network back online, restore normal business operations and mitigate the impact of the incident.
“The investigation of the incident remains ongoing, and the full scope, nature, and impact of the incident are not yet known. At this time, the Company believes that the incident appears unrelated to and is not affecting the Company’s cloud-based systems.”
The Investigation is Ongoing
As the investigation is ongoing, it is possible we will learn more as they get this all sorted out.
I highly recommend you check out the coverage on this story from Donna Cusano of the Telehealth & Telecare Aware website who tipped me off to the Masimo website being down, who closely follows Masimo and the MedTech segment, and who does a great job digging deep into issues surrounding the news. She beat me to this story and does a superb analysis of the absurdity of the response. Check out her excellent story here…
Also, check out the new Masimo website design here: masimo.com.
Leave a Reply