Medical Device Manufacturer Notifies 277,319 Patients About PHI Exposure

The Pennsylvania medical device manufacturer and software developer, ZOLL Medical Corporation, has started notifying 277,319 patients about the accidental exposure of some of their personal and medical information.

The information was contained in emails that had been archived using a third-party email archiving solution. During a server migration, archived emails were exposed and could potentially have been accessed by unauthorized individuals.

Upon discovery of the breach, ZOLL initiated an investigation and hired a third-party computer forensics company to determine whether any unauthorized individuals had accessed emails and viewed or downloaded patient information.

The investigation revealed protections had been removed on November 8, 2018 and emails remained accessible until December 28, 2018. No evidence was uncovered to suggest any sensitive information was accessed by unauthorized individuals, but it was not possible to rule out the possibility that personal and medical information had been compromised.

An analysis of the archived emails revealed they contained patient names, addresses, dates of birth and a limited amount of medical information. A small percentage of affected patients also had their Social Security number exposed.

As a precaution against identity theft and fraud, all patients affected by the breach have been offered complimentary credit monitoring and identity theft protection services for 12 months.

ZOLL has confirmed that the email archiving company has secured all exposed emails and has implemented measures to prevent further data breaches. ZOLL has said it has conducted a review of its own processes for managing third-party vendors and has updated policies and procedures to prevent any further data breaches.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.