Medical device giant says cyberattack leaked sensitive data of 1 million people
Medical device maker Zoll said a cyberattack in January exposed the sensitive information of more than 1 million people.
In documents provided to Maine’s Attorney General, Zoll said the incident started on January 28 when they “detected unusual activity” on their internal network. The company added that information was accessed on February 2.
Zoll said their investigation into the incident is “ongoing.”
“Information that may have been disclosed includes your name, address, date of birth, and Social Security number. It may also be inferred that you used or were considered for use of a ZOLL product,” the company told victims.
“We consulted with third-party cybersecurity experts to assist with our response to and remediation of the incident, and we notified law enforcement and federal and state regulatory agencies as required by law.”
Zoll is providing victims with two years of identity theft protection services from Experian. Databreaches.net was the first to report on the notices. The company began sending out the breach notification letters on Friday.
Zoll is headquartered in Massachusetts but develops products in California, Colorado, Minnesota, New Jersey, Pennsylvania, Rhode Island, and Wisconsin – with products sold across more than 140 countries.
They produce a range of devices including defibrillation and monitoring tools as well as devices for circulation and CPR feedback, data management, therapeutic temperature management, and ventilation.
The products are typically sold to clinics, hospitals, emergency health services, the military and fire stations.
Zoll claimed the vendor was responsible for exposing an email server during a server migration process. The server was left exposed for seven weeks, during which time a hacker accessed it and viewed the data.
That breach affected nearly 300,000 people and leaked medical information as well as Social Security numbers.
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.