MathWorks, the developer behind MATLAB and Simulink, has disclosed a ransomware attack in April that compromised sensitive personal information for at least 10,476 individuals. The company publicly confirmed the breach on May 27 after linking extended service outages to the cyberattack, which disrupted authentication systems and cloud-based resources critical for its global customer base.
The incident disrupted multi-factor authentication (MFA), single sign-on (SSO), MathWorks’ cloud center, the license center, and its online store. For healthcare organizations, where MATLAB and Simulink are frequently used in biomedical research, diagnostic simulations, and device modeling, these outages highlight the operational risks posed by third-party service disruptions.
Source: mathworks.com.
In filings with state attorneys general, MathWorks confirmed that attackers stole documents containing names, addresses, dates of birth, Social Security Numbers, and non-U.S. national IDs. For impacted healthcare professionals, such breaches raise regulatory compliance issues under HIPAA and GDPR, especially if the compromised data overlaps with systems tied to clinical research or protected health information (PHI).
The identity of the ransomware group responsible remains unknown. No gang has publicly claimed responsibility, fueling speculation that MathWorks may still be in negotiations or may have already paid the attackers. This uncertainty prolongs the risk window, as stolen data could resurface on criminal forums.
Founded in 1984, MathWorks serves over 5 million users worldwide, with a strong footprint in scientific and medical research institutions. Its platforms are integral to computational medicine, machine learning in diagnostics, and simulations used in drug discovery pipelines. A prolonged or repeated breach could therefore have ripple effects across medical innovation and care delivery.
Healthcare organizations using MathWorks products should evaluate the potential downstream risks of the breach, rotate credentials tied to MathWorks accounts, and monitor for fraud involving employee or researcher identities. Proactively reviewing third-party vendor dependencies and integrating supply chain risk assessments into security strategy will be critical to safeguarding sensitive healthcare data and maintaining regulatory compliance.
