Medtronic Breach Hits 9M, and an AI Just Ran Its Own Ransomware Attack
Your Social Security number and health history could be sitting on a criminal’s hard drive right now, and you wouldn’t find out until the letter shows up in your mailbox. That’s exactly what happened to nine million Medtronic customers. This week, a global medical giant, a city right outside Atlanta, and an attack run start to finish by artificial intelligence all point to the same uncomfortable lesson. *Nobody is too small to hack, and the basics still decide who survives.* Bryan Hornung, Randy Bryan, and Reginald Andre break down this week’s stories for executives, owners, and operators who don’t have time to keep up with cyber news but can’t afford to be blindsided by it either. First up, Medtronic. The company that makes pacemakers and insulin pumps is now notifying about nine million people that their names, birth dates, Social Security numbers, and health information were stolen by a crew called ShinyHunters. Here’s the part that should worry every business owner: ShinyHunters didn’t need a genius hack to get in. They called an employee, pretended to be tech support, and talked their way past the front door, the same move that works on your team. Even a company this size is looking at a cleanup that averages 279 days for a healthcare breach, and a small business doesn’t have that kind of runway. Then we bring it home. On June 8th, the City of Acworth, right here in Cobb County, got hit hard enough to call in outside cybersecurity pros and law enforcement. Weeks later, the city still won’t say what kind of attack it was or whether any data walked out the door. The good news buried in the story: everything was restored with no lasting disruption, which almost always means one thing, working backups. Government ransomware jumped about 65 percent in the first half of 2025, and attackers hunt small cities for the same reason they hunt small businesses: thin teams and tight budgets. We close with the one that keeps us up at night. Researchers at Sysdig say they caught the first ransomware attack run entirely by an AI, no human at the keyboard. It broke in, stole credentials, locked up a database, and wrote its own ransom note. When one login failed, it diagnosed the problem, rewrote its own code, and was back in within about 31 seconds. And in this case, even paying the ransom may not have brought the data back, which means backups are not your plan B anymore, they are your plan A. Three very different targets. One playbook that decides who walks away fine and who doesn’t. In this episode, we discuss: • The Medtronic breach that exposed Social Security numbers and health data for about nine million people • Why a cyberattack on the City of Acworth is a preview of what hits small businesses • The first ransomware attack researchers say was run entirely by an AI, with no human directing it • Why the size of the target stopped mattering a long time ago • The three boring fundamentals, backups, multi-factor, and patching, that decide how every one of these stories ends • What business owners should actually check this week before they need it Security Squawk is a weekly podcast and live stream for business owners and executives. Support the show: buymeacoffee.com/securitysquawk Subscribe | Like | Share #SecuritySquawk #CyberSecurity #Medtronic #ShinyHunters #DataBreach #Ransomware #AI #Acworth #SmallBusiness #VendorRisk #MSP #BusinessRisk