Zoll Medical has been sued in U.S. District Court in Eastern Massachusetts over its recent data breach that involved more than 1 million people.
The law firms Sauder Schelkopf (Berwyn, Pennsylvania) and Milberg Coleman Bryson Phillips Grossman (Garden City, New York) filed the suit on March 24. They’re seeking class-action status. The main plaintiff is Gerald Lennon, a Pennsylvania resident who received a letter from Zoll in early March informing him that the data breach impacted his sensitive personal information (PII) and protected health information (PHI).
Says the complaint: “At all relevant times, defendant knew, or should have known, its customers’, patients’, plaintiff’s, and all other class members’ PII/PHI was a target for malicious actors. Despite such knowledge, Defendant failed to implement and maintain reasonable and appropriate data privacy and security measures to protect plaintiff’s and class members’ PII/PHI from cyberattacks that Defendant should have anticipated and guarded against”
The suit describes the theft of personal and health information as serious, with all-inclusive health insurance dossiers potentially selling for more than $1,000 apiece on the black market.
A Zoll spokesperson said the company’s policy is not to comment on pending litigation.
Operated out of Massachusetts, Zoll is an Asahi Kasei company. It makes a variety of advanced emergency care devices that provide defibrillation and cardiac monitoring, circulation enhancement and CPR feedback, supersaturated oxygen therapy, ventilation, and more.
The Zoll data breach was related to its LifeVest
The cybersecurity incident affected the protected health information of a group of current and former patients who use the Zoll LifeVest wearable cardioverter defibrillator, according to the company.
A notice that Zoll filed with Maine’s attorney general says the hacking affected more than 1 million people.
Zoll detected unusual activity on its internal network on Jan. 28. Within days, Zoll determined the data breach could have enabled hackers to gain access to customers’ personal health information, as well as their names, addresses, dates of birth, and Social Security numbers.
Zoll has said that it sincerely regrets the inconvenience or worry that the situation has caused LifeVest patients. It is providing complementary Experian IdentityWorks for 24 months to patients whose Social Security numbers were affected, and 36 months for current and former employees and their dependents. In addition, the company is further enhancing its data security practices.