Numotion Reports Email Data Breach Affects 529,000 Individuals
The wheelchair and mobility equipment provider United Seating and Mobility LLC, which does business as Numotion, has recently confirmed a data breach that involved unauthorized access to the personal and protected health information of 494,326 individuals. According to the substitute breach notice on its website, an unauthorized third party gained access to the email accounts of some of its employees between September 2, 2024, and November 18, 2024, following responses to phishing emails. The total has since been updated to 529,004 individuals.
Numotion said it has no reason to believe that the accounts were accessed to obtain personal information, and no evidence has been found to indicate that any information in the accounts has been stolen and misused. The accounts were reviewed to determine the individuals affected and the types of data exposed, and on January 22, 2025, Numotion confirmed that some customer information was involved. The types of information in the accounts varied from individual to individual and may have included names, dates of birth, product information, payment and financial account information, health insurance information, and medical information. A minority of the affected individuals had their Social Security numbers and/or driver’s license numbers exposed. Individual notification letters are now being mailed to the affected individuals, and complimentary credit monitoring and identity theft protection services have been offered to individuals whose Social Security numbers were involved.
This is not the only breach of this magnitude to be experienced by Numotion. In March 2024, Numotion was the victim of a ransomware attack. The Numotion ransomware attack involved unauthorized access to the data of 602,265 individuals between February 29, 2024, and March 2, 2024. Numotion also filed a breach report with the Office for Civil Rights in November 2024 about an email incident that was detected on September 6, 2024.
According to the breach notice, multiple employee email accounts were compromised between August 23, 2024, and September 6, 2024. That email breach involved the protected health information of 2,319 individuals. Given the overlap in dates between the two email incidents, email accounts were compromised at Numotion for a period of almost 3 months. Several lawsuits have already been filed against Numotion that allege the company was negligent by failing to implement reasonable and appropriate safeguards to protect the sensitive personal and protected health information of its customers.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
