More than 1 million people may have had personal data compromised during a recent hacking of Zoll Medical’s systems.
That’s according to a notice that Zoll filed with Maine’s attorney general, one of a number filed with federal and state agencies since the data breach in late January.
Operated out of Massachusetts, Zoll is an Asahi Kasei company. It makes a variety of advanced emergency care devices that provide defibrillation and cardiac monitoring, circulation enhancement and CPR feedback, supersaturated oxygen therapy, ventilation, and more.
The cybersecurity incident affected the protected health information of some current and former patients who use the Zoll LifeVest wearable cardioverter defibrillator, spokesperson Matt Hogan told MassDevice.
The company’s investigation indicated that people who use other Zoll devices and related software were not affected. Also, the hacking did not impact the safety and operation of LifeVest and other devices.
Hogan extended the sincere regret of company officials for any inconvenience or worry that the situation causes LifeVest patients.
“Zoll takes its responsibility to protect sensitive information very seriously, and we are further enhancing our data security practices as a result of this incident,” he said.
More about the cybersecurity incident at Zoll
Zoll detected unusual activity on its internal network on Jan. 28, according to a notice the company sent to those affected by the data breach. The company said it engaged in mitigation efforts, consulted with third-party cybersecurity experts, and notified law enforcement.
Within days, Zoll determined the data breach could have enabled hackers to gain access to customers’ personal health information, as well as their names, addresses, dates of birth, and Social Security numbers.
That company said it has no indication that any of the data involved in the incident has been misused.
Zoll is providing complementary Experian IdentityWorks for 24 months to patients whose Social Security numbers were affected, and 36 months for current and former employees and their dependents.
This isn’t the first time that Zoll has had a data breach. More than four years ago, it experienced a data breach during an email server migration.