ZOLL Medical Corporation, an Asahi Kasei Group Company, develops and markets medical devices and software solutions. A press release on March 18 described an incident that impacted what they describe as “some patients’ personal and medical information.”
On January 24, 2019, ZOLL discovered that some email archived by an unnamed third-party service provider had been exposed during a server migration. The vendor believes that the exposure occurred between November 8, 2018 and December 28, 2018.
At this point, ZOLL is not aware of any fraud or identity theft to any individual as a result of this exposure. The vendor has since confirmed that all information has now been secured.
Information that may have been exposed includes patient names, addresses, dates of birth, and limited medical information. A small percentage of patients also had Social Security numbers exposed.
ZOLL takes the privacy and security of patient information very seriously. Upon learning of the incident, ZOLL immediately initiated an internal review and retained a leading independent forensics firm to conduct a thorough investigation of the incident. Law enforcement and federal and state agencies have been notified to give them the opportunity to further investigate.
Further, ZOLL is taking steps to review its process for managing third party vendors and confirmed that the impacted vendor has also taken actions to help prevent against similar incidents in the future.
ZOLL is offering free credit and identity monitoring services for one year to impacted patients where available. As an added precaution, ZOLL is providing impacted patients with information on additional steps that may help to guard against fraud or identity theft.
ZOLL sincerely regrets any inconvenience or concern this incident may cause. If you have any questions or need any additional information, please do not hesitate to contact 1-833-231-3358.
Pennsylvania-headquartered ZOLL, LLC reported this incident to HHS as impacting 277,319 patients.