[BreachExchange] Devicemaker data breach exposes 277K patients' information

Destry Winant destry at riskbasedsecurity.com
Thu Mar 21 01:50:45 EDT 2019


Zoll Medical reported that the personal information of 277,319
patients was exposed during a recent server migration.

The medical-device and software maker said in a release on Monday that
a third-party service archives Zoll's e-mails. Some personal
information was included in the e-mail communications the third-party
provider stores.

During a recent server migration, some of the data from those e-mails
was exposed. Zoll believes the incident occurred between Nov. 8 and
Dec. 28, 2018. The company refused to comment on whether the exposure
was inadvertent or the result of a hack.

"At this point, Zoll is not aware of any fraud or identity theft to
any individual as a result of this exposure," the company said in a
release. "The vendor has since confirmed that all information has now
been secured."

Zoll said patient names, addresses, dates of birth and limited medical
information could have been among the data exposed as a result of the

A small number of patients also had their Social Security numbers exposed.

This is the first data breach that Zoll has reported to HHS' Office
for Civil Rights in the past two years, according to HHS' data
breaches portal.

Zoll's breach continues a trend of major data breaches so far in 2019.
Last month, data breaches compromised the information for more than 2
million patients, according to data from the Office for Civil Rights.
That figure is well above the 309,664 people affected by breaches in
February 2018.

Data breaches have become a major concern for healthcare providers and
companies. A study published in JAMA last year found that health data
breaches rose each year from 2010 to 2017.

HHS' Office for Civil Rights also issued a record-breaking $28.7
million in fines in 2018 to companies for poor responses to data

More information about the BreachExchange mailing list