- The medical device manufacturing company allegedly witnessed this incident sometime between November and December 2018.
- It was discovered that a server migration from a third-party service provider led to the exposure of data.
ZOLL Medical Corporation, popularly known as ZOLL, has informed patients of a data breach incident that occurred last year. ZOLL develops and markets medical devices. It also sells software solutions for emergency care.
As per the official statement released by the company, a third-party service used by ZOLL for archiving and other purposes led to the exposure of ZOLL customers' data.
The big picture
- The incident came to light this January when ZOLL found the email archived by a third-party was exposed during a server migration by the vendor.The company has published a press release detailing the data exposure.
- It is believed that sensitive data was exposed sometime between November 8, 2018, and December 28, 2018.
- Exposed information included patient names, addresses, dates of birth, and limited medical information. Moreover. a few of the Social Security numbers were also exposed.
- ZOLL also stated that it did not come across any ‘fraud or identity theft’ post the exposure.
- The company told HHS that 277,319 patients were impacted by the incident.
What actions were taken - The medical device manufacturer also said in the press release that it was investigating the incident.
“Upon learning of the incident, ZOLL immediately initiated an internal review and retained a leading independent forensics firm to conduct a thorough investigation of the incident. Law enforcement and federal and state agencies have been notified to give them the opportunity to further investigate,” it said in the official statement.
As part of its countermeasures, ZOLL has offered free credit and identity monitoring services to those affected by the incident.