Email Archiving Solution Exposed PHI of 277,319 Patients

ZOLL Medical Corporation, a medical device manufacturer and software developer in Pennsylvania, is informing 277,319 patients about the exposure of some of their personal and healthcare data.

The exposed data were included in email messages that were archived using a third-party email archiving solution. A problem occurred during a server migration which caused the exposure of the archived email messages over the internet which potentially allowed them to be accessed by unauthorized individuals.

When ZOLL discovered the breach, a third-party computer forensics firm was retained to assist with the investigation and determine if any unauthorized individuals accessed the email messages and viewed or obtained the patient data.

Zool explained in its breach notice that removal of protections occurred on November 8, 2018 and email messages were exposed until December 28, 2018. There was no evidence to suggest unauthorized persons accessed any sensitive information; however, the possibility could not be ruled out.

A review of the archived email messages showed that they included patient names, addresses, birth dates and some medical data. The Social Security numbers of some patients were also exposed.

As a safety measure against identity theft and fraud, ZOLL has offered affected patients free credit monitoring and identity theft protection services for one year.

HIPAA
Compliance
Checklist

Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

ZOLL stated that the email archiving firm has now secured all email messages exposed during the breach and has implemented additional safeguards to prevent any further exposure of emails. ZOLL has also conducted an assessment of its processes for monitoring third-party vendors and has enhanced its policies and procedures.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/