ZOLL Medical Corporation, a medical device manufacturer and software developer in Pennsylvania, is informing 277,319 patients about the exposure of some of their personal and healthcare data.
The exposed data were included in email messages that were archived using a third-party email archiving solution. A problem occurred during a server migration which caused the exposure of the archived email messages over the internet which potentially allowed them to be accessed by unauthorized individuals.
When ZOLL discovered the breach, a third-party computer forensics firm was retained to assist with the investigation and determine if any unauthorized individuals accessed the email messages and viewed or obtained the patient data.
Zool explained in its breach notice that removal of protections occurred on November 8, 2018 and email messages were exposed until December 28, 2018. There was no evidence to suggest unauthorized persons accessed any sensitive information; however, the possibility could not be ruled out.
A review of the archived email messages showed that they included patient names, addresses, birth dates and some medical data. The Social Security numbers of some patients were also exposed.
As a safety measure against identity theft and fraud, ZOLL has offered affected patients free credit monitoring and identity theft protection services for one year.
ZOLL stated that the email archiving firm has now secured all email messages exposed during the breach and has implemented additional safeguards to prevent any further exposure of emails. ZOLL has also conducted an assessment of its processes for monitoring third-party vendors and has enhanced its policies and procedures.