Breach taxonomy
Summary
On April 27, 2025, Masimo Corporation identified unauthorized activity on its on-premise network, immediately activated incident response protocols, and engaged third-party cybersecurity professionals for investigation and remediation. Manufacturing, order-taking, distribution, and shipping operations were disrupted but had substantially recovered by the May 27 update filing, with manufacturing at near full capacity and critical systems fully operational. The company holds cybersecurity insurance and expected the majority of out-of-pocket remediation costs to be covered. Filed under Item 8.01; this filing updates the incident originally reported on May 6, 2025.
Tagging rationale
Threat: Unknown
Filing does not attribute the incident to a specific actor or group -> UNKNOWN.
Methods: Malware
Filing describes 'unauthorized activity on the Company's on-premise network' requiring incident response and containment; no explicit mention of ransomware or data exfiltration -> MALWARE (general, non-ransomware).
Assets: Revenue Process
Unauthorized activity disrupted manufacturing operations, order taking, distribution, and shipping - all revenue-generating processes -> REVENUE-PROCESS.
Effects: Biz Interruption
Manufacturing, distribution, and shipping operations were disrupted with delayed orders outstanding, requiring weeks of recovery -> BIZ-INTERRUPTION.
Business continuity: Effective
By the May 27 update filing, 'manufacturing operations are running at near full capacity' and 'critical order taking, distribution and shipping systems are fully operational' -> Effective.
Impact
Multi-week disruption to manufacturing, shipping, and distribution at a medical device company; operations substantially recovered by update filing; insurance expected to cover majority of remediation costs -> score 3.
Insurance: Yes
Filing states 'The Company maintains cybersecurity insurance, and expects that the majority of out-of-pocket remediation costs incurred by the Company in connection with the incident will be covered by such insurance' -> true.
Original SEC filing excerpt
Item 8.01. Other Events. As previously reported under Item 8.01 of Form 8-K on May 6, 2025, on April 27, 2025, the Company identified unauthorized activity on the Company's on-premise network and, upon detection, activated its incident response protocols and implemented containment measures. The Company promptly commenced an investigation and has been actively working to assess, mitigate, and remediate the incident with the assistance of third-party cybersecurity professionals. The Company has also notified and coordinated with law enforcement. At this time, the Company's manufacturing operations are running at near full capacity, and the Company's critical order taking, distribution and shipping systems are fully operational. The Company is continuing to optimize these systems to ensure that any delayed orders are being processed in a timely manner. The Company maintains cybersecurity insurance, and expects that the majority of out-of-pocket remediation costs incurred by the Company in connection with the incident will be covered by such insurance, and that any such costs will be non-recurring in nature.