Over 1850 Total Lots Up For Auction at Six Locations - MA 04/30, NJ Cleansweep 05/02, TX 05/03, TX 05/06, NJ 05/08, WA 05/09

Spanish Spanish

Zoll Medical network hack puts data of over one million wearable defibrillator patients at risk

by John R. Fischer, Senior Reporter | March 17, 2023
Cyber Security Health IT
Share
A breach of Zoll Medical's network has put data for over one million cardiac defibrillator patients at risk.
A breach in early February compromised information belonging to one million patients using or in line to receive a Zoll Medical wearable defibrillator.

The size of a paperback book, the lightweight fabric vest for the device is worn under clothes around the patient’s waist or from a shoulder strap. The monitor’s electrodes pick up the person’s electrocardiogram.

The company discovered “unusual activity” on its internal network on January 28, and consulted with a third-party cybersecurity firm and the authorities to mitigate the incident, reported SC Media.

An investigation tied the breach to current and former patients using the company’s LifeVest device, a wearable cardioverter defibrillator, and found that patient names, dates of birth, contact details, and social security numbers were compromised on or about February 2, though there is no indication that the data has been misused in any way, says the company. No other defibrillators or monitors designed by Zoll Medical were affected by the breach.

“Nothing about this cybersecurity incident affects the safety or operation of ZOLL’s medical devices or related software,” Zoll told HCB News. “We are in the process of notifying individuals whose information may have been affected by the incident, in accordance with all applicable data breach notification laws and regulations.”

Zoll previously encountered a breach in 2019, when an error made by third-party service provider Barracuda Networks during a server migration exposed archived emails, leading to the personal and medical data of 277,319 patients being compromised.

An investigation into the matter showed the exposure was not detected for two months. Zoll filed a lawsuit against Barracuda Networks, tasking it with record retention and maintenance requirements.

In 2021, multiple remote code execution vulnerabilities were found in ZOLL Defibrillator Dashboard, making it possible for a hacker to take control of the system, which streamlines management of defibrillators and allows administrators to monitor devices in real time in their enterprise environment and across multiple sites, according to SC Media.
Sign up for Health IT stories Sign up for Weekly Top stories

You Must Be Logged In To Post A Comment

Sign up for Weekly Top stories

Sign up for Health IT stories

 

advertisement

Health IT Homepage

Through Edgility acquisition ABOUT aims for end-to-end AI-driven patient flow
Bayer and Google Cloud to accelerate development of AI-powered radiology applications
GE HealthCare closes MIM Software deal
Teleradiology company and CEO admit to unlawful billing, will pay $3.1 million
How Gartner's 2024 cybersecurity trends can guide your cybersecurity efforts
IONIC Health, GE HealthCare announce 510(k)-clearance of nCommand Lite System for multi-vendor, remote imaging
Field service technicians: Unsung heroes in maintaining efficiency and reducing headaches in hospital networks
HHS opens probe into role Change Healthcare may have played in cyberattack
Philips and AWS unveil pathology cloud data storing initiative at HIMSS
PE firm Frazier HealthCare Partners acquires RevSpring from GTCR